RA.L2-3.11.3 Vulnerability Remediation

CMMC Practice RA.L2-3.11.3 – Vulnerability Remediation: Remediate vulnerabilities in accordance with risk assessments.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Review the prioritized list of vulnerabilities generated from the vulnerability scanner. Not all vulnerabilities may affect an organization the same. Review the risks of not remediating the discovered vulnerabilities. The organization should build upon the prioritized list and develop a prioritized mitigation plan for closing the vulnerabilities identified and track their completion.