CMMC Practice RM.2.143: Remediate vulnerabilities in accordance with risk assessments.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Review the prioritized list of vulnerabilities generated from the vulnerability scanner. Not all vulnerabilities may affect an organization the same. Review the risks of not remediating the discovered vulnerabilities. The organization should build upon the prioritized list and develop a prioritized mitigation plan for closing the vulnerabilities identified and track their completion.