Perform gap analysis

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Perform a Gap analysis of cybersecurity activities.

    Before you begin

    Policy and Compliance Management Role required: admin

    NIST CSF sn_irm_nist_csf.risk_executive or sn_irm_nist_csf.security_officer

    About this task

    Note:
    The Gap analysis process should not take more than a minute. A weekly job that runs the gap analysis for users so the metrics are up-to-date.

    Procedure

    1. Navigate to All > NIST CSF > Framework Profiling > Gap Analysis.
    2. Search for the target using the Name or Profile fields.
    3. Open the target record.
    4. Click the Activities related list and select the activity.
    5. Review the activity and click Gap Analysis to initiate the Gap analysis.
    6. To view control objectives for the cybersecurity policy that do not have any controls in-place for the target's profile, click the Gaps related list.
    7. To view issues with cybersecurity controls that are non-compliant because of implementation issues, click the Non-compliant controls related list.
    8. To view Failed indicators of controls and risks for the target's profile, click the Failed Indicators related list.
    9. To view risks associated with controls for the target's profile, click the Risks related list.
    10. To view issues related to the controls and risks for the target's profile, click the Issues related list.
    11. To view action plans for the target's profile, click the Action Plans related list.
    12. Click Save.