
Gap analysis

Definition

The process of comparing what a framework requires against what an organisation has actually implemented, to identify controls that are absent, partial, or non-evidenced (implemented in practice but with no evidence artefact that demonstrates it). In the mapping context, gap analysis also identifies framework-specific requirements that have no equivalent in the other frameworks in scope, since those cannot be covered by shared evidence and must be evidenced separately.
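The definition above can be run mechanically over a unified control mapping. The following is an added example, not code from the original page: it takes a crosswalk (framework, control identifier, shared objective) and the organisation's implementation record per objective, then classifies every requirement as absent, partial or non-evidenced, and separately flags requirements whose objective is addressed by only one framework in scope. The crosswalk rows, statuses and evidence paths are constructed for illustration and are not an authoritative mapping; the control identifiers are real, but which objective each one maps to is assumed here.

```python
"""Gap analysis over a unified control mapping.

Added example, not code from the original page. The crosswalk rows,
implementation statuses and evidence paths below are constructed for
illustration only; they are not an authoritative mapping between frameworks.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Requirement:
    framework: str      # e.g. "NIST SP 800-53"
    control_id: str     # e.g. "AC-2"
    objective: str      # shared security objective this control is mapped to


@dataclass
class Implementation:
    status: str                                        # "implemented", "partial" or "absent"
    evidence: List[str] = field(default_factory=list)  # evidence artefact references


# Constructed crosswalk: controls in each framework that address the same objective.
# The last row has no partner in the other frameworks in scope.
CROSSWALK = [
    Requirement("NIST SP 800-53", "AC-2", "account-management"),
    Requirement("CIS Controls v8", "5.1", "account-management"),
    Requirement("ISO 27001:2022", "A.5.16", "account-management"),
    Requirement("NIST SP 800-53", "AU-2", "audit-logging"),
    Requirement("CIS Controls v8", "8.2", "audit-logging"),
    Requirement("ISO 27001:2022", "A.8.15", "audit-logging"),
    Requirement("NIST SP 800-53", "IR-4", "incident-handling"),
    Requirement("CIS Controls v8", "17.4", "incident-handling"),
    Requirement("ISO 27001:2022", "A.5.30", "ict-continuity"),
]

# Constructed implementation record, keyed by objective (hypothetical paths).
IMPLEMENTATIONS: Dict[str, Implementation] = {
    "account-management": Implementation("implemented", ["evidence/iam-joiner-leaver-runbook.pdf"]),
    "audit-logging": Implementation("implemented", []),            # done, but no artefact filed
    "incident-handling": Implementation("partial", ["evidence/ir-plan-draft.docx"]),
    # "ict-continuity" has no record at all
}

VALID_STATUSES = {"implemented", "partial", "absent"}


def gap_analysis(crosswalk: List[Requirement],
                 implementations: Dict[str, Implementation]) -> Dict[str, List[str]]:
    """Classify every requirement in scope.

    Returns lists of "<framework> <control_id>" labels:
      absent             - no implementation record, or status "absent"
      partial            - implementation exists but is incomplete
      non_evidenced      - claimed implemented, but no evidence artefact attached
      framework_specific - objective addressed by only one framework in scope,
                           so shared evidence cannot cover it
    A requirement may appear in framework_specific as well as in one of the
    other lists; the two questions are independent.
    """
    frameworks_per_objective = defaultdict(set)
    for req in crosswalk:
        frameworks_per_objective[req.objective].add(req.framework)

    report: Dict[str, List[str]] = {
        "absent": [], "partial": [], "non_evidenced": [], "framework_specific": []
    }
    for req in crosswalk:
        label = f"{req.framework} {req.control_id}"
        impl = implementations.get(req.objective)
        if impl is not None and impl.status not in VALID_STATUSES:
            raise ValueError(f"unknown status {impl.status!r} for {req.objective}")
        if impl is None or impl.status == "absent":
            report["absent"].append(label)
        elif impl.status == "partial":
            report["partial"].append(label)
        elif not impl.evidence:
            report["non_evidenced"].append(label)
        if len(frameworks_per_objective[req.objective]) == 1:
            report["framework_specific"].append(label)
    return report


if __name__ == "__main__":
    for category, labels in gap_analysis(CROSSWALK, IMPLEMENTATIONS).items():
        print(f"{category}: {labels}")
```

Two points of the design are worth noting. Status and evidence are separate checks, so a control that is genuinely implemented but has nothing filed against it lands in `non_evidenced` rather than being counted as covered; an auditor will treat those the same as absent until an artefact appears. The framework-specific check is derived from the crosswalk itself (an objective that only one framework in scope maps to) rather than from a hand-maintained flag, so it stays correct as frameworks are added to or removed from scope.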

Related terms

Control catalogue
A structured list of security controls, each with an identifier, a statement of intent, and (in detailed catalogues) implementation guidance. Examples include...
Control family
A grouping of related controls within a catalogue. NIST SP 800-53 uses 20 families identified by two-letter codes: AC (Access Control), AU...
Crosswalk
A published table that aligns controls from two frameworks side by side to show which controls address the same security objective. NIST,...
Implementation Group (IG)
A CIS Controls concept that divides the 153 safeguards across three tiers by organisational size and risk profile. IG1 (56 safeguards) covers...
Unified control mapping
An organisation-specific artefact that consolidates multiple crosswalks into a single table, adds columns for the organisation's own control implementations and evidence artefacts,...

Explained in

  • Mapping Controls Across Frameworks: The process of comparing what a framework requires against what an organisation has actually implemented, to identify controls that are absent, partial, or non...
