I built this because it was challenging to find resources for NIST 800-171 Revision 3 and CMMC compliance.

By going through the 800-171 controls, you can generate a markdown file with all statuses and notes for each security control. Withdrawn controls are filtered out from the revision 2 -> revision 3 migration.

• Stores data client-side using IndexedDB, ensuring no privacy concerns
• Generates a markdown file for compliance (Good for System Security Plan!)
• Allows for exporting and importing the database for archived storage

1. Go to nist-sp-800-171
2. Start working through security controls for a family
3. Choose whether it has been implemented or not, and any notes
4. Click the upper right menu
5. Click Generate Report to download a markdown document

• 🟢 A family, requirement, or security requirement is implemented.
• 🔴 A family, requirement, or security requirement is not implemented.
• ⚫ A family, requirement, or security requirement is not applicable.
• ⚪ A family, requirement, or security requirement has not been started (default).
• 🟡 A family or requirement is partially implemented (some security requirements are implemented and not implemented)
• 🚧 A family or requirement has remaining work.

All data is stored locally on your device using IndexedDB. There are no privacy concerns, as no data is sent to any server.

• NIST 800-171 Revision 3 Final.
• JSON used for the application from csrc.nist.gov.
• CMMC COA is a great resource as well for CMMC.

This project is licensed under the MIT License. I have no affiliation with NIST.

Made the app in a couple days... don't expect the best code.