Contact person: Business Client

Phone:Show

Email:Show

Location: Chicago, United States

Budget: Recommended by industry experts

Time to start: As soon as possible

Project description:
"I am ready to move from concept to a production-ready MVP for a compliance-focused SaaS serving the U.S. Defense Industrial Base. The application must accept PDF and DOCX uploads, parse the unstructured content with an embedded LLM, and automatically generate a CMMC Level 2 System Security Plan covering all 110 controls.

Interface
I envision a hybrid experience: concise text guidance for data entry alongside interactive dashboards that show parsing progress, compliance gaps, and generated reports.

Primary goals
• Generate fully formatted, audit-ready SSPs and related artifacts
• Securely store and retrieve both source documents and outputs
• Present an at-a-glance compliance status board for executives and auditors

AI functionality required
• Document parsing and semantic analysis
• Data mapping and classification to specific CMMC controls
• Automated reporting and insights highlighting deficiencies and next steps

Scope of work
1. Design and build a secure, multitenant SaaS backend in Python (or an equivalent stack) that meets NIST 800-171 best practices.
2. Integrate a Large Language Model—fine-tuned if necessary—to extract data and align it with all Level 2 controls.
3. Develop a responsive web frontend (React preferred, alternatives considered) matching the hybrid interface vision.
4. Implement role-based access, encryption in transit and at rest, and detailed audit logging.
5. Provide an automated deployment pipeline (Docker, Terraform or similar) suitable for a GovCloud-ready environment.
6. Supply unit tests, developer-level documentation, and a live handover session.

Acceptance criteria
• Uploading sample documents produces a complete, correctly formatted SSP with at least 95 % control coverage.
• Dashboards update in real time, clearly showing compliance scores and outstanding tasks.
• An OWASP ZAP scan reveals no critical vulnerabilities.
• The codebase builds and deploys through the provided pipeline without manual intervention.

If you have proven success with SaaS MVPs, AI-driven document analysis, and especially CMMC or NIST frameworks, please share relevant links or demos." (client-provided description)