CMMC Gap Assessment
With the fate of DoD contract renewals and new opportunities hanging in the balance, the last thing a Defense Industrial Base (DIB) company wants is to engage a C3PAO to perform a CMMC assessment and fail. Only limited POAMs are allowable with CMMC 2.0 and the maximum remediation period is 180 days. Moreover, it will cost the additional effort and expense of remediating and reassessing your deficiencies. Let’s confirm your state of CMMC compliance beforehand with KLC Consulting’s CMMC Gap Assessment (also known as a CMMC Gap Analysis or Readiness Assessment).
“We knew we were close [to being fully compliant] but found it well worth hiring you to identify our deficiencies on some of our internal procedures and supporting documents. And thank you for noting in your report where we’ve done a good job!”
– Director of a Minnesota-based technology company
How We Work Together
KLC Consulting uses the current CMMC Assessment Guide published by the DoD to determine compliance through a CMMC Gap Assessment. We perform remote interviews with IT, operations, and management personnel to:
- Identify and discern the Controlled Unclassified Information (CUI) your organization handles
- Determine if the required security practices are followed for each assessment objective
- Evaluate whether CMMC requirements are met
- Analyze supporting evidence for each assessment objective
- Provide you with a list of Practices and Assessment Objectives that meet requirements vs. those that don’t; with an explanation of why
- A one-hour debrief call to present findings and answer your questions

CMMC Gap Assessment Package
KLC’s CMMC Gap Analysis simulates an independent C3PAO assessment.
Your CMMC Gap Assessment Report includes:
- Executive Summary with your compliance percentage for CMMC 2.0
- A list of Practices and Assessment Objectives that meet requirements and those that don’t meet requirements – with explanations
- Our letter of opinion
- A one hour debrief call to present deliverables and answer questions
Prices start at $5,000 for a small DIB client seeking CMMC Level 1, and:
- The CMMC Level you pursue (1 or 2)
- Size and complexity of your IT infrastructure
Now you’re ready to hire a C3PAO to seek CMMC certification
Check out our CMMC Gap Assessment video discussion!
Transcript:
[Paul] So, we’re going to talk today about Gap Assessments. We get a lot of questions about it. So, I thought it would be good if we talk about that here in this video today.
[Kyle] Okay yeah a Gap Assessment is an Assessment of where you are today …
Watch our video discussion about NIST 800-171 and CMMC Gap Assessment
The next Step is to Remediate POAM Deficiences and Hire a C3PAO
CMMC Consulting
Help with Remediating Your POA&M Items
KLC Consulting’s DoD cybersecurity experts coordinate with your team to support all areas of NIST 800-171 and CMMC. Let’s improve your CMMC Compliance program!
Let’s Talk About a CMMC Gap Assessment!
We meet you where you’re at and bring you to ‘CMMC Assessment Ready’
with as much or as little help as you need

Free advice and useful resources