True North CMMC
Active DevCMMC Level 2 Compliance Dashboard · Flask 3.1 + PostgreSQL 16 + AES-256-GCM + ClamAV + Azure AD GCC High + Multi-SIEM
✅
10
Done
🔄
1
In Progress
⛔
0
Blocked
📋
3
Backlog
📋 Backlog3
Pre-deploy /audit-full security PDF + MR protocol
auditmr
Production deployment to VPS (True North client environment)
deployvpsprod
Assessor portal — end-to-end CMMC assessment workflow
assessorcmmcworkflow
🔄 In Progress1
Blueprint extraction — dashboard.py (1,966 lines) → 10 route modules
refactorarchitecturewip
⛔ Blocked0
Vacío
✅ Done10
Core Flask app + PostgreSQL schema (47 tables, 110 CMMC controls)
flaskpostgresschema
Azure AD GCC High SSO + TOTP MFA (5-attempt lockout, recovery codes)
Authmfaazure-ad
AES-256-GCM encryption at rest + FIPS TLS 1.2/1.3 via Nginx
cryptofipstls
ClamAV 1.4 + YARA malware scanning (fail-closed pipeline)
clamavyarascanning
CVE scanner — NIST NVD + CISA KEV feeds with disposition tracking
cvenistcisa
Multi-SIEM integration (Blumira, Sentinel, CrowdStrike, SentinelOne, Arctic Wolf)
siemblumiracrowdstrike
Azure AD cloud evidence (Intune + M365 Defender via GCC High)
azureintuneevidence
Docker Compose prod/dev + 3-network isolation + Nginx FIPS ciphers
dockernginxInfra
509+ pytest tests — auth, CSRF, roles, smoke, 500-error coverage
testspytestci
DB-backed time-limited assessor tokens + DBA perf fixes (indexes, FK, purge)
Securitydbaperf
📓 Daily Recaps
2026-04-16Project onboarded — full codebase analysis
▼