What is the security control gap calculator for?

It estimates the remaining gap between required and implemented OT security controls.

What information should I enter?

Use required controls, implemented controls, and approved compensating controls or exceptions.

What does the result tell me?

The result helps prioritize compliance work and communicate roadmap progress.

When is the result only an estimate?

It is only an estimate when control scope, evidence quality, or framework mapping changes.

Industrial Cybersecurity & OT Risk calculator

Security Control Gap Calculator

Use this calculator to estimate the gap between required OT security controls and implemented controls. It supports compliance planning, roadmap prioritization, and audit remediation tracking without changing the control framework itself.

What this calculator does

Estimate the percentage gap between required OT security controls and implemented controls.
Use it when preparing audit remediation, IEC 62443 program reviews, NIST CSF mapping, or site security roadmaps.
The result estimates open control gap as a percentage of required controls.

Formula used

Security control gap = required OT security controls - implemented OT security controls - accepted compensating controls or exceptions
Security control gap rate = security control gap ÷ required OT security controls × 100

Inputs explained

Required OT security controls: Count controls required by policy, audit scope, IEC 62443 mapping, NIST CSF profile, site standard, or customer requirement.
Implemented OT security controls: Count controls implemented, evidenced, and operating for the same scope.
Accepted compensating controls or exceptions: Enter approved compensating controls, documented risk acceptances, or planned exclusions counted by your governance process.

How to use the result

Use it to prioritize audit remediation, roadmap funding, and governance reporting.
It depends on how your control framework counts evidence, compensating controls, and accepted exceptions.

Common questions

What is the security control gap calculator for? It estimates the remaining gap between required and implemented OT security controls.
What information should I enter? Use required controls, implemented controls, and approved compensating controls or exceptions.
What does the result tell me? The result helps prioritize compliance work and communicate roadmap progress.
When is the result only an estimate? It is only an estimate when control scope, evidence quality, or framework mapping changes.

Last reviewed 2026-05-12.