CMMC Gap Analysis: 3-Week Assessment

KTL Solutions

Gap Analysis of NIST and CMMC requirements for Government Contractors.

KTL Solutions is a Microsoft Gold Partner with decades of experience working with Government Contractors. We understand the complexity of everchanging compliance regulations and the critical importance of keeping your information secure. KTL is a CMMC-RPO; we stay abreast of updates in compliance and are here to guide you.

KTL will review all information gathered in the investigative process to include polices, documented practices, interviews, and any additional relevant information and produce a CMMC Gap Analysis Report that will articulate the following:

• Executive Summary of organization’s Current State: Review of the current state of cybersecurity maturity as compared to each domain of the CMMC/NIST 800-171 requirements.

• Control Analysis: A list of CMMC required security controls and the current ability of your organization to satisfy those controls in a pass/fail context. For each practice or process to which your organization is discovered to be non-compliant, KTL will recommend a course of action to remediate these shortcomings. Those areas requiring improvement will be clearly identified, documented, and presented in a format that can be leveraged by executive management to serve as a foundation for formal security program improvement and compliance attainment.

Many missing controls can be facilitated in Azure Government. Typical findings include:

• A need for a log management solution. KTL can assist with the implementation of Azure Sentinel and configure your network to meet log management requirements.

• A need for a more defined system boundary when segmenting a network. KTL has worked with many organizations that need to segment commercial from DOD work. We will determine what Virtual Machines, VPN Gateway, Firewalls, and other items are needed in Azure Government to provide a clear boundary between systems.

Time frame is 2-3 weeks for completion.