Gap Assessment
The GAP Assessment is required by NIST only.
It's
a subset of questions to determine your overall security posture, and
is a good starting port for any company doing a self assessment, or MSP
that is trying to determine the current status of a client company.
Regardless
of whether you're doing CMMC, the GAP Assessment is a good place to
start. All CMMC related Identifiers may not have GAP Assessment
buttons, but the majority do as they tie to NIST 800-171
There's two ways to handle the GAP Assessment. You can go through all the questions at once from the main dashboard:
Or you can address them directly in the identifier
Regardless
of how you choose to do it, filling it out in one section (the Full GAP
Assessment) or from the Identifier, matches it at both places. It's a
good starting point to determine Weaknesses as well, and where you need
to spend a lot of your focus.
Related Articles
NIST SP 800-171
What is NIST SP 800-171? NIST SP 800-171 refers to the National Institute of Standards and Technology, and specifically the special publication 800-171. It's had multiple revisions over the years, and came as a surprise to small and mid size ...NUDG Introduction
Welcome to NUDG Systems. This guide is meant to give you a brief overview of how we recommend starting your journey on cyber security compliance. While there's no right order to manage things, setting up the foundation correctly at the beginning can ...CMMC (Cybersecurity Maturity Model Certification)
What is CMMC (Cybersecurity Maturity Model Certification)? CMMC is the US Department of Defense (DoD) response to increasing cybersecurity and compromises of sensitive data across the defense industrial base. The first revision of the CMMC was on ...