Gap Analysis Case Study for a Manufacturing Company

A small manufacturing company faced challenges in achieving Cybersecurity Maturity Model Certification (CMMC) compliance due to limited resources and the absence of dedicated enclaves. Seeking an effective and budget-friendly solution, the company engaged KLC Consulting, known for its expertise in assisting organizations ranging from Fortune 500 companies to small manufacturing firms.

Introduction: Scoping and Understanding

KLC Consulting began with a scoping call to understand the company’s network and how it handles Controlled Unclassified Information (CUI). Following the DoD CMMC scoping guidance and its own CUI data lifecycle approach, KLC Consulting determined which systems, people, and processes were in scope. It reviewed the company’s systems and processes, paying particular attention to email, CRM tools, and interactions with DoD contracting officers, to identify where CUI is received, stored, processed, and transmitted, since every system that touches CUI is subject to assessment.

Gap Analysis Interviews

To ensure a thorough analysis, KLC Consulting conducted a series of four video calls, each lasting 2-3 hours, that walked through the 14 security domains of NIST SP 800-171 (the basis for CMMC Level 2). These consultative interviews involved the company’s IT personnel and a team of KLC consultants. Through this process, KLC Consulting built a complete picture of the company’s security practices, including access controls, user identification and authentication, media marking, and vulnerability scanning, and pinpointed the specific gaps unique to the manufacturing company.

Scoring and Reporting Document

Based on the gap analysis, KLC Consulting compiled a Scoring and Reporting Document for the company. It evaluated all 110 NIST SP 800-171 security practices and their 320 assessment objectives (as enumerated in NIST SP 800-171A), and included both a detailed lower-level report and a concise summary suitable for senior stakeholders. The report gave the company its metrics, a Supplier Performance Risk System (SPRS) score calculated under the DoD Assessment Methodology (which ranges from -203 to 110, with 110 meaning every practice is implemented), and specific recommendations for closing each compliance gap. KLC Consulting collaborated with the client’s subject matter experts to gather feedback on the report and offered guidance on how to submit the company’s own score to SPRS.

Remediation Phase

Throughout the remediation phase, KLC Consulting continued to support the company, offering guidance on essential tasks such as creating data flow diagrams, categorizing assets, and developing security policies. KLC Consulting could not serve as the C3PAO for the eventual assessment, because conflict-of-interest rules prohibit a C3PAO from assessing an organization it has advised, but it provided ongoing consultation to keep remediation on track. The manufacturing company relied on weekly calls with KLC Consulting, receiving step-by-step assistance to address the identified gaps while making efficient use of KLC’s remediation tools.

Conclusion

Thanks to the tailored solutions and expertise provided by KLC Consulting, the small manufacturing company was prepared for its CMMC assessment within its resource constraints. By avoiding a one-size-fits-all approach, KLC Consulting demonstrated its commitment to meeting the unique needs of its clients. As a result, the company now has the cybersecurity measures it needs to engage confidently with DoD contracting officers and secure its position in the defense industrial base.


Check out our YouTube channel and LinkedIn pages for the latest informational and educational resources for Cybersecurity Maturity Model Certification.
