Risk Assessment (RA): Identifying & Reducing Security Vulnerabilities

All three controls are listed below.

3.11.1

Conduct periodic risk assessments to identify threats, vulnerabilities, likelihoods, and impacts that may affect organizational systems, including system components and operations.

NIST 800-171 Control Identifier: 3.11.1
CMMC Control Identifier: RA.L2-3.11.1
Control CMMC Level: 2
Basic or Derived Security: Basic

Relevant NIST SP 800-53 R5

RA-3: Conduct risk assessments that address risk from a mission and business process perspective.

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

3.11.2

Scan for vulnerabilities in the system regularly and when new vulnerabilities affecting the system are identified, and share information with stakeholders.

NIST 800-171 Control Identifier: 3.11.2
CMMC Control Identifier: RA.L2-3.11.2
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

RA-5 (1): Perform periodic vulnerability scans and update tools and techniques based on threat landscape.

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

3.11.3

Address system and application vulnerabilities identified during risk assessments by executing timely remediation actions. This ensures risk exposure is reduced to acceptable levels based on organizational risk posture.

NIST 800-171 Control Identifier: 3.11.3
CMMC Control Identifier: RA.L2-3.11.3
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

RA-5: Scan for vulnerabilities in information systems and applications; remediate identified weaknesses.

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)
