NIST 800-171 GAP Analysis
Access Control (AC)
[Details]
Do you have Access Control measures (AC-3) in place?
Yes
No
Awareness and Training (AT)
[Details]
Is Security Awareness Training (AT-2) conducted regularly?
Yes
No
Audit and Accountability (AU)
[Details]
Do you have Audit and Accountability measures (AU-2) in place?
Yes
No
Configuration Management (CM)
[Details]
Is there a Configuration Management process (CM-2) in place?
Yes
No
Identification and Authentication (IA)
[Details]
Are Identification and Authentication controls (IA-2) implemented?
Yes
No
Incident Response (IR)
[Details]
Is an Incident Response Plan (IR-4) implemented?
Yes
No
Maintenance (MA)
[Details]
Are there regular Maintenance activities (MA-2) in place?
Yes
No
Media Protection (MP)
[Details]
Do you have Media Protection controls (MP-4) in place?
Yes
No
Personnel Security (PS)
[Details]
Are there Personnel Security controls (PS-3) in place?
Yes
No
Physical Protection (PE)
[Details]
Are Physical Protection measures (PE-2) in place?
Yes
No
Risk Assessment (RA)
[Details]
Is Risk Assessment (RA-3) regularly performed?
Yes
No
Security Assessment (CA)
[Details]
Is a Security Assessment (CA-2) conducted regularly?
Yes
No
System and Communications Protection (SC)
[Details]
Are System and Communications Protection measures (SC-7) implemented?
Yes
No
System and Information Integrity (SI)
[Details]
Are System and Information Integrity (SI-2) measures in place?
Yes
No
Submit