Like many of you out there, we are approaching a CMMC audit and certification. Windchill is a big piece and I would like to think we have things well in hand. I was thinking last night, wouldn't it be great if there was a document/checklist that was tailored for a typical Windchill install that aligned to each of the NIST 800-171 controls? I do not expect PTC to hand this out as a standard download, reference document since there are so many varied ways Windchill can be deployed. "Wouldn't it be easier if it all just blew away?"

I could see this being a good, collaborative topic for possibly the Fed A&D working group or even customers in general since much of this is just good security and best practices. I can see the following table of information:

• NIST 800-171 control
• What is says
• What is means
• What is means to a Windchill admin or non-IT person
• What part of your Windchill install show evidence of compliance
• How to comply (or how NOT to comply/fail)
• Script or check to show compliance (run this...)

Some of the line items would not be relavent to the Windchill application or host it is running on which can cut down the list. In any case, hope we can generate some organic collaboration around this topic. If there is anything that the community site can do ( @olivierlp ) on this platform, that would be great. Happy to post any nuggets I learn over the next year.