# Compliance Gap Assessment Report

> Generated: 2026-04-14
> Framework: **CMMC Level 1** (CIS IG1 Starter Pack)
> Practices failing: **3** / 17
> Scan Coverage: 12/17 requirements scanned
> Failing: **3** | Passing: 9 | Not scanned: 0

## Executive Summary

Of **17** CMMC L1 practices, **3** have failing Prowler checks. The 4 Physical Protection practices (PE family) and 1 amber practice (AC.L1-b.1.iv) require narrative evidence from the Physical Protection Policy at `policies/physical-protection-policy.md`; they are not automatable. Scope the remediation plan to the failing practices plus completion of the policy template.

**Failing practices:**

- `AC.L1-b.1.ii` (coverage: green)
- `IA.L1-b.1.v` (coverage: green)
- `IA.L1-b.1.vi` (coverage: green)

---