CMMC 2.0 • LEVEL 2 • RISK ASSESSMENT

RA.L2-3.11.1 Risk Assessment

Assess the risk (including supply chain risk) of unauthorized disclosure resulting from the processing, storage, or transmission of CUI. Update risk assessments annually or following significant changes to the system, threat environment, or organizational mission.

NIST 800-171 Mapping

NIST 800-53 Controls

Assessment Objectives

  • the risk (including supply chain risk) of unauthorized disclosure resulting from the processing, storage, or transmission of CUI is assessed.
  • risk assessments are updated annually or following significant changes to the system, threat environment, or organizational mission.
