CMMC
[!IMPORTANT]
CMMC currently uses NIST 800-171 Rev 2. If you want to get ahead of eventual compliance using Rev 3, then this application is for you. NIST provides a change analysis for what's different.
It was challenging to find resources for NIST 800-171 Revision 3 and CMMC compliance, so this application was created to make writing SSPs a bit easier, without having to stare at an Excel spreadsheet.
By going through the 800-171 controls, you can generate a markdown file with all statuses and notes for each security control.

Features
- Stores data client-side using IndexedDB
- Generates a markdown file for compliance (Good for System Security Plan!)
- Generates a POAM in CSV for unimplemented requirements
- Allows for exporting and importing the database for archived storage
- Offline usage with PWA and Service Workers
Usage
- Go to CMMC app
- Start working through security controls for a family
- Choose whether it has been implemented or not, and add any notes
- Click the upper right menu
- Click Generate Report to download a markdown document
- Click Generate POAM to download a CSV for gap items
Icon Meanings
- 🟢 A family, requirement, or security requirement is implemented.
- 🔴 A family, requirement, or security requirement is not implemented (e.g. any security requirement within a family/requirement is not implemented).
- 🟡 A family or requirement is partially implemented (e.g. any security requirement within a family/requirement is partially implemented).
- ⚫ A family, requirement, or security requirement is not applicable.
- ⚪ A family, requirement, or security requirement has not been started (default).
- 🚧 A family or requirement has remaining work.
Privacy
All data is stored locally on your device using IndexedDB. There are no privacy concerns, as there are no 3rd party tracking, analytics, or external servers used for this application.
Resources
- NIST 800-171 Revision 3 Final.
- JSON used for the application from csrc.nist.gov.
- CMMC COA is a great resource as well for CMMC.
License
This project is licensed under the MIT License and has no affiliation with NIST.