A client-side wizard that helps defense contractors determine whether their data qualifies as Controlled Unclassified Information (CUI) under 32 CFR Part 2002, identifies applicable NARA CUI Registry categories, and surfaces the resulting CMMC obligations.
Live: cui-identifier.aptsecuritymanagement.com
- Walks through a progressive screening questionnaire based on 32 CFR Part 2002 and DoD CIO guidance
- Identifies CUI categories from the NARA Registry (CTI, ITAR/EAR, Privacy/PII, PHI, Source Selection, Critical Infrastructure, NATO)
- Outputs a verdict: Confirmed CUI, Likely CUI, FCI (not CUI), Likely Not CUI, or Inconclusive
- Maps the verdict to a CMMC implication: Level 1, Level 2 Self-Assessment, or Level 2 C3PAO Certification
- Exports a two-page PDF determination memorandum via jsPDF
- Vite 8 + React 19 + TypeScript 6
- Tailwind CSS 4 (
@tailwindcss/vite) - Zustand 5 (persisted to
localStorage) - jsPDF 4 + jspdf-autotable 5 for PDF export
- Cloudflare Pages (static hosting)
npm install
npm run devnpm run build- 32 CFR Part 2002 (NARA CUI Program rule)
- NARA CUI Registry category definitions
- DFARS 252.204-7012 (CTI trigger clause)
- DoD CIO CMMC Level Determination Brief (Dec 2024)
FSL-1.1-Apache-2.0 — see LICENSE.