Gap
The difference between current state and a desired/required security state.
A gap analysis compares the current security posture against a target framework (NIST CSF, ISO 27001, CIS Controls) and catalogs each delta. The prioritized output — which gaps carry the most risk and what they cost to close — feeds the security roadmap, budget requests, and the risk register.