ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
CMMC Level 3 Gap Analysis Template (NIST SP 800-172) — with Apex Example
2
3
Purpose: Track readiness against 35 NIST SP 800-172 Enhanced Security Requirements.
4
Audience: Large/high-risk contractors supporting critical DoD programs.
5
6
How to use:
7
1) In 'Blank (35 Rows)', paste the verbatim 35 enhanced requirements from the official NIST SP 800-172 source.
8
2) For each, set In Place (Y/N), add evidence, select Examine/Interview/Test, and capture notes/follow-ups.
9
3) Review the 'Example — Apex Defense Systems' tab for a realistic large-contractor scenario.
10
4) Use 'Checklist' for leadership status and next steps.
11
12
Assessment Methods: Examine / Interview / Test (from NIST SP 800-171A).
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100