A Gap Assessment means a 3rd party organization conducts the testing or evaluation of a non-Federal organization’s security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the NIST SP 800-171 and Federal Agency specified security requirements for the non-Federal organization’s information system. In a Gap assessment, the 3rd party organization may provide consultative advice on how to remediate deficiencies.