Skip to content

claude.md

Latest commit

 

History

History
174 lines (140 loc) · 5.44 KB

claude.md

File metadata and controls

174 lines (140 loc) · 5.44 KB

Claude Progress Notes - CMMC Compliance Tracker

Project Overview

A web application for tracking NIST 800-171 compliance and generating System Security Plans (SSP) for CMMC Level 2 certification.

Tech Stack:

  • Frontend: React 18, React Router 6
  • Backend: Node.js, Express
  • Database: PostgreSQL 15
  • ORM: Prisma
  • Document Generation: docx
  • Containerization: Docker

Recent Session Progress (January 2025)

Features Implemented

1. SSP Browser Preview Feature

Created a full browser-based SSP preview that renders the complete System Security Plan document matching the IntelliGRC template style.

New File: client/src/pages/SSPPreview.js

Features:

  • Cover page with system name
  • Record of Changes table
  • Approvals/signature section
  • Introduction section
  • Section 1: Information System Name
  • Section 2: System Roles & Responsibilities with role definitions
  • Section 3: Information System Details
    • Operational Status (checkboxes)
    • Information System Type
    • System Environment Description
    • System Data Types with CIA impact ratings
    • Overall System Categorization (CIA)
    • System Interconnections
    • Related Laws, Regulations & Policies
    • Physical Locations & Security
    • Security Control Selection summary
  • Section 4: Minimum Security Controls
    • SPRS Score display
    • Compliance pie charts per control family
    • Expandable/collapsible control tables
  • Section 5: POA&M Summary
  • Print-ready styling with cyan headers (matching IntelliGRC)
  • Dark mode support

Access: Reports page > "View Full SSP Preview" button, or /ssp-preview

2. Enhanced Database Schema

New Models Added:

Model Purpose
Personnel Roles & responsibilities (name, role, title, email, phone, roleDefinition)
DataType System data types with CIA impact ratings
PhysicalLocation Physical locations and security measures
Interconnection External system connections
LawRegulation Applicable laws, regulations, policies
SSPVersion Record of changes/version history

Enhanced Models:

SystemInfo - Added:

  • uniqueIdentifier - System unique ID (e.g., "GoG-IS")
  • operationalStatus - OPERATIONAL, UNDER_DEVELOPMENT, MAJOR_MODIFICATION
  • systemType - e.g., "General Support System"
  • systemTypeDescription
  • environmentDescription
  • confidentialityLevel, integrityLevel, availabilityLevel - CIA ratings
  • overallCategorization
  • systemDiagramPath, dataFlowDiagramPath

Assessment - Added:

  • findings - Assessment findings
  • recommendations - Recommendations for improvement
  • validationMethods - Artifacts/methods used to validate

3. New API Endpoints

SSP Data:

  • GET /api/ssp/full-data - Returns all SSP data for browser preview

Personnel CRUD:

  • POST /api/system-info/personnel
  • PUT /api/system-info/personnel/:id
  • DELETE /api/system-info/personnel/:id

Data Types CRUD:

  • POST /api/system-info/data-types
  • PUT /api/system-info/data-types/:id
  • DELETE /api/system-info/data-types/:id

Physical Locations CRUD:

  • POST /api/system-info/physical-locations
  • PUT /api/system-info/physical-locations/:id
  • DELETE /api/system-info/physical-locations/:id

Interconnections CRUD:

  • POST /api/system-info/interconnections
  • PUT /api/system-info/interconnections/:id
  • DELETE /api/system-info/interconnections/:id

Laws & Regulations CRUD:

  • POST /api/system-info/laws-regulations
  • PUT /api/system-info/laws-regulations/:id
  • DELETE /api/system-info/laws-regulations/:id

SSP Versions CRUD:

  • POST /api/system-info/ssp-versions
  • DELETE /api/system-info/ssp-versions/:id

Pending Tasks

Database Migration Required

After pulling the latest code, run:

cd server
npx prisma migrate dev --name add_ssp_models

Future Enhancements to Consider

  1. System Info Page UI - Add forms to manage the new models (Personnel, DataTypes, Locations, etc.)
  2. Diagram Upload - Allow uploading system and data flow diagrams
  3. Assessment Objectives - Break down practices into individual assessment objectives ([a], [b], [c]) like in the IntelliGRC template
  4. PDF Export - Direct PDF generation in addition to Word export
  5. Table of Contents - Auto-generated TOC for the SSP document

Key Files

File Description
server/prisma/schema.prisma Database schema with all models
server/src/index.js All API endpoints
client/src/pages/SSPPreview.js SSP browser preview component
client/src/pages/Reports.js Reports page with SSP actions
client/src/pages/SystemInfo.js System info editing page
client/src/index.css All styling including SSP preview styles

Running the Project

With Docker

docker-compose up -d
# Frontend: http://localhost:3000
# Backend: http://localhost:5000

Local Development

# Terminal 1 - Server
cd server
npm install
npx prisma migrate dev
npm run db:seed  # First time only
npm run dev

# Terminal 2 - Client
cd client
npm install
npm start

Reference Files

  • ExtractPage1.pdf - Example SSP template from IntelliGRC (used as reference for styling)
  • ExtractPage1.txt - Text extraction from the PDF

Git History (Recent)

  • 6c2e654 - Add SSP browser preview and enhanced data models
  • 4a8f0ce - Fix SSP preview API response property names
  • a30a872 - Add comprehensive README with documentation
  • 1293fca - Add SSP generation feature with template-assisted implementation statements