Inspiration

After talking to American Systems, we realized how much time companies waste preparing for compliance audits like CMMC and NIST. Auditors and employees sit there manually checking policies and configs line by line, which felt repetitive and perfect for automation.

What it does

CompliAI takes in policy and config files, checks them against CMMC and NIST 800-171, and produces a scorecard showing what is satisfied, partial, or missing. It also generates AI-written summaries that point out which aspect is failing.

How we built it

We used Next.js for the frontend and Recharts for visuals, with FastAPI on the backend to handle parsing PDFs, YAML/JSON configs, and mapping evidence across frameworks. We also integrated AI to make citations easier to read and more helpful.

Challenges we ran into

Keeping results accurate was tough because small mismatches could throw off the score. Handling long, messy guideline documents was also tricky, and we had to figure out how to balance rule-based checks with AI reasoning.
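A minimal rule-based scorecard of the kind described above, added here as an illustration and not CompliAI's own code: it maps a parsed config dict to a few NIST SP 800-171 requirements, reports each as satisfied, partial or missing, and keeps the failing config paths as evidence so a single mismatch lowers a control to "partial" instead of zeroing the whole score. The config keys, the rule thresholds and the sample config are assumptions, not from the project.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict

# Constructed sample input: the dict a parsed YAML/JSON config would give (not a real system).
SAMPLE_CONFIG = {
    "auth": {"mfa_required": True, "max_failed_logins": 5,
             "password_min_length": 14, "password_complexity": False},
    "crypto": {"tls_min_version": "1.2", "fips_mode": False},
}

@dataclass
class Rule:
    control: str      # NIST SP 800-171 requirement number
    title: str
    checks: Dict[str, Callable[[Any], bool]]  # dotted config path -> predicate (assumed keys)

def lookup(config: dict, path: str):
    """Walk a dotted path; None means the evidence is absent from the file."""
    node = config
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def evaluate(config: dict, rule: Rule):
    """Return (status, failing_paths); 'partial' when some but not all checks pass."""
    failing = [p for p, ok in rule.checks.items()
               if (v := lookup(config, p)) is None or not ok(v)]
    if not failing:
        return "satisfied", failing
    return ("missing" if len(failing) == len(rule.checks) else "partial"), failing

RULES = [
    Rule("3.5.3", "Multifactor authentication", {"auth.mfa_required": lambda v: v is True}),
    Rule("3.1.8", "Limit unsuccessful logon attempts",
         {"auth.max_failed_logins": lambda v: isinstance(v, int) and 0 < v <= 10}),
    Rule("3.5.7", "Minimum password complexity",
         {"auth.password_min_length": lambda v: isinstance(v, int) and v >= 12,
          "auth.password_complexity": lambda v: v is True}),
    Rule("3.13.11", "FIPS-validated cryptography", {"crypto.fips_mode": lambda v: v is True}),
]

def scorecard(config: dict, rules=RULES):
    """Per-control status plus a 0-100 score; failing paths are the evidence an auditor reviews."""
    results = {r.control: evaluate(config, r) for r in rules}
    weight = {"satisfied": 1.0, "partial": 0.5, "missing": 0.0}
    score = 100 * sum(weight[s] for s, _ in results.values()) / len(rules)
    return results, round(score, 1)
```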

Accomplishments that we're proud of

We built a working system end to end: upload a file, run the analysis, and see results in a clean dashboard. We're also proud of making it user-friendly with visuals, filters, and AI-generated messages.

What we learned

We learned how important it is to balance automation with human oversight, how small UX changes can make technical results more approachable, and how to keep a repo clean for deployment. We also learned a lot about auditing in general (internal and external), cybersecurity, GRC, and CMMC and NIST policies.

What's next for CompliAI

We will implement CMMC Level 2 and ISO for more advanced detection. We will further integrate Gemini to create suggestions and fill gaps. We can add more functionality to the web app, such as signing in and saving important documents. We can also add a direct communication portal between third-party auditors and internal auditors.
