NIST 800-171 Rev 2 + Rev 3-ready

110 Controls
Automated Evidence

Stop maintaining spreadsheets. ProlixoTech automatically collects evidence for all 110 NIST 800-171 security requirements (Rev 2 — current DoD contract baseline) with Rev 3 mapping in development.


14 Control Families, One Platform

NIST 800-171 organizes 110 security requirements into 14 families. We cover them all.

3.1 Access Control (22 requirements)
Limit system access to authorized users and transaction types.
3.1.1 3.1.2 3.1.3 +19 more

3.2 Awareness & Training (3 requirements)
Ensure personnel are aware of security risks and trained in policies.
3.2.1 3.2.2 3.2.3

3.3 Audit & Accountability (9 requirements)
Create, protect, and retain system audit records.
3.3.1 3.3.2 3.3.3 +6 more

3.4 Configuration Management (9 requirements)
Establish and maintain baseline configurations and inventories.
3.4.1 3.4.2 3.4.3 +6 more

3.5 Identification & Authentication (11 requirements)
Identify and authenticate users, processes, and devices.
3.5.1 3.5.2 3.5.3 +8 more

3.6 Incident Response (3 requirements)
Establish incident handling capability and report incidents.
3.6.1 3.6.2 3.6.3

3.7 Maintenance (6 requirements)
Perform maintenance and provide controls for maintenance activities.
3.7.1 3.7.2 3.7.3 +3 more

3.8 Media Protection (9 requirements)
Protect, sanitize, and control system media containing CUI.
3.8.1 3.8.2 3.8.3 +6 more

3.9 Personnel Security (2 requirements)
Screen individuals and protect CUI during personnel actions.
3.9.1 3.9.2

3.10 Physical Protection (6 requirements)
Limit physical access and protect physical facility and equipment.
3.10.1 3.10.2 3.10.3 +3 more

3.11 Risk Assessment (3 requirements)
Assess risk and scan for vulnerabilities periodically.
3.11.1 3.11.2 3.11.3

3.12 Security Assessment (4 requirements)
Assess controls, develop POA&M, and monitor continuously.
3.12.1 3.12.2 3.12.3 3.12.4

3.13 System & Communications (16 requirements)
Monitor, control, and protect communications at boundaries.
3.13.1 3.13.2 3.13.3 +13 more

3.14 System & Information Integrity (7 requirements)
Identify, report, and correct flaws in a timely manner.
3.14.1 3.14.2 3.14.3 +4 more

Control → Artifact Mapping

Every requirement mapped to specific evidence with cryptographic timestamps.

Evidence Map Preview
Real-time view of your compliance posture
3.1.1 Limit system access to authorized users (3 artifacts)
Azure AD Conditional Access Policy • M365 GCC High • Policy export • 2026-01-20 09:15:22 UTC
User Access Review Report • Manual Upload • PDF • 2026-01-19 14:32:01 UTC
Terminated Users Audit Log • Active Directory • Event log • 2026-01-19 08:00:00 UTC

3.13.1 Monitor, control, and protect communications at system boundaries (2 artifacts)

From Evidence to Export

Everything you need for your CMMC assessment.

Continuous Collection

Evidence is collected automatically from your connected systems. No manual screenshots or exports required.

Cryptographic Timestamps

Every artifact is signed with AWS KMS HSM. Assessors can verify evidence hasn't been tampered with.

One-Click Export

Generate SSP Evidence Appendix, POA&M, and assessor-ready evidence packages in the format C3PAOs expect.

Ready to Automate Your 800-171 Evidence?

Connect your systems and start building your evidence map today.
