Back to Service Library
Service Catalog / Strategic Advisory & Professional Services / Compliance Readiness / CMMC Gap Assessment
157CMMCGA Base

CMMC Gap Assessment

On this page

    Service Overview

    Many businesses face security and privacy compliance requirements. Understanding the path to compliance can be difficult and a lack of clarity can lead to controls that are too expensive, overbearing, or on the opposite end of the spectrum, simply not adequate or reasonable. These gaps may cause minor inconveniences or significant damages and they may result in severe financial penalties, loss of public trust, and damage to corporate reputation.


    A Gap Assessment provides the basic insight necessary to formulate a reasonable action plan and path to compliance, while considering the unique organizational environment, including people, process, and technology. Because compliance is not optional, understanding gaps, documenting, and communicating them, and building a corrective action plan should be performed to an adequate and reasonable level.


    This Gap Assessment will provide a comprehensive evaluation of the Client's compliance and a plan for effectively mitigating those gaps.

    Objectives

    The objectives of this initiative are as follows:

    • Perform a current state analysis
    • Identify and document gaps in compliance to CMMC 2.0
    • Provide the necessary data to develop a corrective action plan
    • Initiate the Compliance Program that aligns with CMMC 2.0
    • Prepare for risk-based prioritization of control implementation

    Methodology

    This Gap Assessment project consists of the following phases:

    1. Interview Schedule
      1. The client will identify the departments and stakeholders required to attend interview sessions by completing the interview schedule provided by DeepSeas.
    2. Gap Assessment
      1. DeepSeas will conduct interview sessions, per the interview schedule, to identify program strengths and weaknesses by assessing the Client's environment against CMMC, as defined in the Scope.

    Deliverables

    DeepSeas will produce the following deliverables:

    1. Findings Details - DeepSeas will deliver a detailed findings document that identifies pertinent details and scoring for control gaps.
    2. Gap Assessment Report - DeepSeas will deliver a report summarizing the findings of the initiative.


    Additionally, DeepSeas will leverage and/or provide the following materials:

    1. Interview Schedule Template - DeepSeas will provide the Client with a template with an overview of control families and suggested roles to attend the Gap Assessment.

    Client Responsibilities

    The Client is responsible for the completion of the following tasks, in accordance with agreed-upon timelines established as part of the project plan.

    1. Client to assign a point of contact (POC) responsible for client coordination and logistics.
    2. The Client is responsible for scheduling and coordination of internal Client resources for all project work.