diff --git a/local-app/python-tools/cross-organization/check_cloudtrail.py b/local-app/python-tools/cross-organization/check_cloudtrail.py
old mode 100644
new mode 100755
diff --git a/local-app/python-tools/cross-organization/check_config.py b/local-app/python-tools/cross-organization/check_config.py
old mode 100644
new mode 100755
diff --git a/local-app/python-tools/cross-organization/check_ecr.py b/local-app/python-tools/cross-organization/check_ecr.py
old mode 100644
new mode 100755
diff --git a/local-app/python-tools/cross-organization/check_iam.py b/local-app/python-tools/cross-organization/check_iam.py
old mode 100644
new mode 100755
diff --git a/local-app/python-tools/cross-organization/check_iam_roles.py b/local-app/python-tools/cross-organization/check_iam_roles.py
old mode 100644
new mode 100755
index 1a117453..f62dc6a1
--- a/local-app/python-tools/cross-organization/check_iam_roles.py
+++ b/local-app/python-tools/cross-organization/check_iam_roles.py
@@ -2,7 +2,7 @@ import json
 # --- VERSIONING ---
-__version__ = "1.0.0"
+__version__ = "1.0.1"
 def account_task(account_session, account_id, account_name, region):
 """
@@ -35,7 +35,7 @@ def account_task(account_session, account_id, account_name, region):
 # 3. Permissions Boundary
 boundary = role.get('PermissionsBoundary', {})
- boundary_name = boundary.get('PermissionsBoundaryArn', 'N/A').split('/')[-1] if boundary else 'N/A'
+ boundary_name = boundary.get('PermissionsBoundaryArn', None).split('/')[-1] if boundary else None
 # 4. Tags
 # Boto3's list_roles returns tags in the main response structure
diff --git a/local-app/python-tools/cross-organization/check_tgw_attachments.py b/local-app/python-tools/cross-organization/check_tgw_attachments.py
old mode 100644
new mode 100755
diff --git a/local-app/python-tools/cross-organization/generate-cloudtrail-stop.sh b/local-app/python-tools/cross-organization/generate-cloudtrail-stop.sh
new file mode 100755
index 00000000..94d6df03
--- /dev/null
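Review bot: The new `boundary.get('PermissionsBoundaryArn', None).split('/')[-1]` raises AttributeError if `boundary` is a non-empty dict that lacks that key, whereas the old `'N/A'` default degraded gracefully; `.get(key, None)` is also just `.get(key)`. Splitting it keeps the None semantics without the hazard: `boundary_arn = boundary.get('PermissionsBoundaryArn')` followed by `boundary_name = boundary_arn.split('/')[-1] if boundary_arn else None`. Boto3 presumably always populates the ARN alongside PermissionsBoundaryType, so this is hardening rather than a live crash, but the `'N/A'` → `None` switch also changes what consumers of the emitted results see (a JSON null instead of a string), which deserves a mention next to the version bump. `account_task` begins and ends outside this hunk.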
+++ b/local-app/python-tools/cross-organization/generate-cloudtrail-stop.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+FILE=$1
+if [ -z $FILE ]
+then
+ echo "* missing $FILE"
+ exit 1
+fi
+if [ ! -r $FILE ]
+then
+ echo "* cannot read $FILE"
+ exit 1
+fi
+
+awk -F, '{print "aws --profile",$2 "-" $3,"--region",$4,"cloudtrail","stop-logging","--name",$5}' $FILE
diff --git a/local-app/python-tools/cross-organization/remediate_tgw.py b/local-app/python-tools/cross-organization/remediate_tgw.py
old mode 100644
new mode 100755
diff --git a/local-app/python-tools/cross-organization/remediate_tgw_dns.py b/local-app/python-tools/cross-organization/remediate_tgw_dns.py
old mode 100644
new mode 100755
diff --git a/local-app/python-tools/cross-organization/run.check_iam_roles.sh b/local-app/python-tools/cross-organization/run.check_iam_roles.sh
new file mode 100755
index 00000000..5e219339
--- /dev/null
+++ b/local-app/python-tools/cross-organization/run.check_iam_roles.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+ORG="ent-gov"
+REGION="us-gov-east-1"
+CHECK="check_iam_roles"
+
+./org_runner.py --profile $ORG.org --region $REGION --role-name r-inf-org-controller --output --enable-checks $CHECK 2>&1 |& tee $ORG.$CHECK.$(date +%s).txt
diff --git a/local-app/python-tools/cross-organization/run.check_tgw_attachments.sh b/local-app/python-tools/cross-organization/run.check_tgw_attachments.sh
new file mode 100755
index 00000000..3e759e62
--- /dev/null
+++ b/local-app/python-tools/cross-organization/run.check_tgw_attachments.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+ORG="ent-gov"
+REGION="us-gov-east-1"
+
+./org_runner.py --profile $ORG.org --region $REGION --role-name r-inf-org-controller --output --enable-checks check_tgw_attachments 2>&1 |& tee $ORG.check_tgw_attachments.$(date +%s).txt
diff --git a/local-app/python-tools/cross-organization/run.sh b/local-app/python-tools/cross-organization/run.sh
new file mode 100755
index 00000000..e4af07f5
--- /dev/null
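Review bot: `$FILE` is unquoted in `[ -z $FILE ]`, `[ ! -r $FILE ]` and the awk invocation, so a path with spaces or glob characters is word-split, and the empty-argument case only passes because `[ -z ]` happens to evaluate true; use `if [ -z "$FILE" ]`, `if [ ! -r "$FILE" ]` and `awk ... "$FILE"`, and print a usage line rather than the empty `"* missing $FILE"`. The awk program also emits the `--profile`, `--region` and `--name` values straight from CSV columns 2–5 with no quoting, so a field containing whitespace or shell metacharacters would alter the generated command when this output is piped to a shell; the input is presumably this tool's own audit CSV, but the generated commands should be reviewed before execution regardless. Since every emitted line is `cloudtrail stop-logging` — an action that disables the audit trail across accounts and normally trips StopLogging alerts — a header comment stating the expected input columns and that the output is meant to be reviewed, not piped blindly into `sh`, would help, e.g. `# usage: generate-cloudtrail-stop.sh <audit.csv>; cols 2-5 = profile-prefix, profile-suffix, region, trail-name; review output before running`.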
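Review bot: `2>&1 |& tee` doubles up the redirection: `|&` is already shorthand for `2>&1 |`, so one or the other suffices, e.g. `... --enable-checks $CHECK |& tee "$ORG.$CHECK.$(date +%s).txt"`. Because the pipeline's status is tee's, a failing org_runner.py run (bad profile, role assumption denied) still exits 0 here; a `set -o pipefail` line after the shebang makes the wrapper's exit code reflect the runner's. The hard-coded `ORG`/`REGION`/`--role-name` values are fine for a one-liner but a one-line comment naming what the script is for (ad-hoc run of a single check against one org) would help the next reader.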
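Review bot: This script is a near-copy of run.check_iam_roles.sh but inlines `check_tgw_attachments` twice (in `--enable-checks` and in the tee filename), where the sibling factors it into `CHECK`; adding `CHECK="check_tgw_attachments"` and using `$CHECK` in both places keeps the two wrappers consistent and stops the name and the output filename from drifting apart. The same redundant `2>&1 |&` appears here; `|&` alone is equivalent. Longer term the two files are one script with a check-name argument, e.g. `CHECK=${1:?check name}`.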
+++ b/local-app/python-tools/cross-organization/run.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+STAMP=$(date +%s)
+for f in lab-gov ent-gov ent-ew
+do
+ if [ $f == "ent-ew" ]
+ then
+ REGION="us-east-1"
+ else
+ REGION="us-gov-east-1"
+ fi
+
+ echo "# $f"
+ ./org_runner.py --profile $f.org --region $REGION --role-name r-inf-org-controller --output --enable-checks check_cloudtrail check_config 2>&1 |& tee org_runner.$f.txt
+ mkdir $f.$STAMP
+ mv org_runner.$f.txt audit_results.* $f.$STAMP/
+done
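Review bot: The loop never checks whether `./org_runner.py` succeeded — with `|& tee` the pipeline's status is tee's — so a run that fails early (profile missing, role assumption denied) still gets `mkdir $f.$STAMP` and an `mv` of whatever `audit_results.*` happens to be in the directory, which may be results left over from a previous org or a previous run and would then be filed under the wrong org. Add `set -o pipefail` (and `shopt -s nullglob` so an absent `audit_results.*` does not become a literal mv argument) after the shebang, and record the runner's status per org, e.g. `./org_runner.py ... |& tee "org_runner.$f.txt" || echo "# $f: org_runner exited ${PIPESTATUS[0]}"`. Also `mkdir -p "$f.$STAMP"` avoids an unhandled failure if the directory already exists, and quoting `"$f.$STAMP/"` in the mv is cheap even though the current values are safe. A header comment stating that this assumes `r-inf-org-controller` into every account of three organizations and leaves audit output in the working directory would help whoever runs it next.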