NIST SP 800-171 & CMMC 2.0 3.11.3 Requirement:

Remediate vulnerabilities in accordance with risk assessments.

NIST SP 800-171 & CMMC 2.0 3.11.3 Requirement Explanation:

Not all vulnerabilities identified by a vulnerability scan pose the same level of risk. Prioritize mitigation efforts to close the most critical vulnerabilities first. Track all vulnerability remediation to ensure completion; also track vulnerabilities that you have determined not to remediate.

Example NIST SP 800-171 & CMMC 2.0 3.11.3 Implementation:

Remediate the vulnerabilities identified by your vulnerability scans. This often involves applying security updates and patches to your systems. Document the discovered vulnerabilities in a plan of action and milestones document so that you can track your progress towards mitigating them. Prioritize mitigation efforts to close the most critical vulnerabilities first.

NIST SP 800-171 & CMMC 2.0 3.11.3 Scenario(s):

- Scenario 1:

You performed a vulnerability scan of your network and identified several vulnerabilities. The vulnerability scanner automatically categorizes them based on their level of severity. You add these vulnerabilities to your plan of action and milestone POA&M document to track their status. You task IT staff to mitigate the vulnerabilities.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Learn More
HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More
FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More
ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More