Important
CMMC currently uses NIST 800-171 Rev 2. If you want to get ahead of eventual compliance using Rev 3, then this application is for you. NIST provides a change analysis for what's different.
It was challenging to find resources for NIST 800-171 Revision 3 and CMMC compliance, so this application was created to solve that case.
By going through the 800-171 controls, you can generate a markdown file with all statuses and notes for each security control. Withdrawn controls are filtered out from the revision 2 -> revision 3 migration.
- Stores data client-side using IndexedDB, ensuring no privacy concerns
- Generates a markdown file for compliance (Good for System Security Plan!)
- Generates a POAM in CSV for unimplemented requirements
- Allows for exporting and importing the database for archived storage
- Go to CMMC app
- Start working through security controls for a family
- Choose whether it has been implemented or not, and any notes
- Click the upper right menu
- Click
Generate Reportto download a markdown document
- 🟢 A family, requirement, or security requirement is implemented.
- 🔴 A family, requirement, or security requirement is not implemented.
- ⚫ A family, requirement, or security requirement is not applicable.
- ⚪ A family, requirement, or security requirement has not been started (default).
- 🟡 A family or requirement is partially implemented (some security requirements are implemented and not implemented)
- 🚧 A family or requirement has remaining work.
All data is stored locally on your device using IndexedDB. There are no privacy concerns, as no data is sent to any server.
- NIST 800-171 Revision 3 Final.
- JSON used for the application from csrc.nist.gov.
- CMMC COA is a great resource as well for CMMC.
This project is licensed under the MIT License and has no affiliation with NIST.