Posture score
63/100
Moderate readiness
Fictional SMB example
Sample CyberGapAudit Output
A fictional but realistic preview of what a small business security readiness output can look like after an assessment. Your real output reflects your own answers, environment, and follow-up work.
- Posture score and weak areas at a glance
- Prioritized remediation work with owners and status
- Evidence checklist for reviews, MSP handoff, and readiness prep
CyberGapAudit
Executive Snapshot
2026
Strongest area
Governance
76/100
Weakest area
Detection
38/100
Next review
July 15, 2026
90-day cadence from assessment date
Executive Snapshot
A board-friendly summary that keeps the score tied to categories, review cadence, and next work.
Posture score
63/100
Moderate readiness
Strongest area
Governance
76/100
Weakest area
Detection
38/100
Next review
July 15, 2026
90-day cadence from assessment date
Top Remediation Priorities
The sample output turns low-scoring areas into concrete work. Risk, effort, owner, due date, and status are shown so the next action is visible.
PriorityTaskRiskEffortOwnerDue dateStatus
1Priority
Enable and tune endpoint detection across all laptops and servers
NIST DE.CM / PR.PS
High
EffortMedium
OwnerJordan D.
Due dateJun 24, 2026
In progress2Priority
Require multi-factor authentication for all admin and finance accounts
NIST PR.AA
High
EffortLow
OwnerAlex M.
Due dateJun 28, 2026
Not started3Priority
Create immutable backup checks and document restore-test evidence
NIST RC.RP / PR.DS
High
EffortMedium
OwnerSam L.
Due dateJul 05, 2026
Planned4Priority
Approve an incident response plan with contact tree and escalation steps
NIST RS.MA
Medium
EffortMedium
OwnerTaylor P.
Due dateJul 10, 2026
In progress5Priority
Run short security awareness training and keep attendance records
NIST PR.AT
Medium
EffortLow
OwnerAlex M.
Due dateJul 15, 2026
PlannedEvidence Checklist
Evidence guidance turns advice into proof. The sample groups evidence by the type of record a customer, insurer, consultant, or auditor may ask to inspect.
Policy / Process Evidence
- Information security policy approved
- Acceptable use policy acknowledged
- Data classification process documented
- Vendor risk review process
- Incident response plan approved
- Business continuity plan
Technical Evidence
- Endpoint protection installed
- EDR enabled and tuned
- Firewall rules reviewed
- MFA enforced for privileged users
- Backup restore test record
- Vulnerability review cadence
Ownership / Review Evidence
- Roles and responsibilities defined
- Security awareness records
- Management review of security
- Third-party access review
- Risk register or risk assessment
- Penetration test, if applicable
Owner and Status Preview
The future workflow is designed around accountability: owners, status, progress, and evidence gaps stay connected to the weak control areas.
AreaOwnerStatusProgressEvidence
Governance
JDJordan D.
On track76%
8 of 10 ready
Identify
AMAlex M.
On track68%
6 of 9 ready
Protect
SLSam L.
On track65%
7 of 11 ready
Detect
TPTaylor P.
At risk38%
3 of 9 ready
Respond
JDJordan D.
In progress55%
4 of 8 ready
Recover
AMAlex M.
Planned44%
3 of 7 ready
Export Packet Preview
Export is a delivery format. The value is the structured remediation plan, evidence guidance, progress trail, and handoff-ready readiness context.
Executive Summary
Posture score, key risks, strongest areas, and the first remediation moves.
Gap Matrix
Weak areas mapped to NIST CSF functions and practical readiness needs.
Remediation Status
Prioritized tasks with owners, due dates, status, effort, and risk.
Evidence Checklist
Evidence to collect, review, or update before customer or insurer requests.
Consultant / MSP Handoff
Clean context for a qualified professional who helps validate or implement the work.
Honest Limitations
CyberGapAudit helps prepare and organize security readiness work. It does not certify, attest, guarantee compliance, provide legal advice, or replace qualified professional review. Results are based on the information you provide and should be validated through internal review and, where required, a qualified consultant, auditor, insurer, or certification body.
Use the sample, then run your own baseline
Start free to see your score and first priorities. Upgrade only when you need deeper control breakdowns, evidence guidance, progress tracking, and handoff-ready structure.