
Risk Assessment (RA) Family

Also known as: RA family

The RA family covers 3 NIST SP 800-171 requirements governing risk assessment, vulnerability scanning, and vulnerability remediation.

The Risk Assessment (RA) family contains 3 NIST SP 800-171 Rev 2 security requirements: RA.L2-3.11.1 (periodically assess the risk to organizational operations), RA.L2-3.11.2 (scan for vulnerabilities periodically and when new vulnerabilities are identified), and RA.L2-3.11.3 (remediate vulnerabilities in accordance with risk assessments).

A C3PAO will ask for a documented risk assessment, recent vulnerability scan reports (Nessus, Qualys, Rapid7, etc.), and evidence of a defined remediation cadence with closure tracking. Vague or sporadic scanning is one of the most common findings.
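The "defined remediation cadence with closure tracking" and "periodic scanning" evidence described above can be produced mechanically from scan exports. The following is an added example, not code from CMMCDocs or from any scanner vendor: it parses a constructed, simplified findings CSV, buckets each finding as open, overdue, closed within its deadline, or closed late against assumed per-severity remediation deadlines (the `SLA_DAYS` values are placeholders an organization would set in its own risk assessment policy, not figures from NIST SP 800-171), and flags gaps between scan dates that exceed an assumed maximum interval. The CSV column names and the `scan_cadence_gaps` / `remediation_report` helpers are likewise this example's own.

```python
"""Remediation-cadence and scan-cadence tracker (added example for RA.L2-3.11.2 / RA.L2-3.11.3 evidence).

Assumptions: the scanner export has been reduced to the columns below;
real Nessus/Qualys/Rapid7 exports differ and would need their own column mapping.
"""
import csv
import io
from datetime import date, timedelta

# Assumed remediation deadlines by severity, in days. Placeholder policy values,
# not figures taken from NIST SP 800-171 or CMMC.
SLA_DAYS = {"Critical": 15, "High": 30, "Medium": 90, "Low": 180}

# Constructed sample export (not real scanner output).
SAMPLE_CSV = """finding_id,severity,host,first_seen,status,closed_on
F-001,Critical,web01,2024-01-02,Open,
F-002,High,web01,2024-01-05,Closed,2024-01-20
F-003,Medium,db01,2024-01-10,Open,
F-004,Low,db01,2023-06-01,Open,
F-005,High,app02,2024-01-25,Open,
"""


def _to_date(value):
    """Accept an ISO date string or a date; return a date."""
    return date.fromisoformat(value) if isinstance(value, str) else value


def parse_findings(text):
    """Parse the simplified CSV into dicts with real date objects."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["first_seen"] = date.fromisoformat(row["first_seen"])
        row["closed_on"] = date.fromisoformat(row["closed_on"]) if row["closed_on"] else None
        rows.append(row)
    return rows


def due_date(finding):
    """Remediation deadline: first observation plus the severity's SLA."""
    return finding["first_seen"] + timedelta(days=SLA_DAYS[finding["severity"]])


def remediation_report(findings, as_of):
    """Bucket findings into open / overdue / closed_in_sla / closed_late as of a date.

    This is the closure-tracking view an assessor asks for: every finding has
    a deadline derived from policy, and its status against that deadline is explicit.
    """
    as_of = _to_date(as_of)
    report = {"open": [], "overdue": [], "closed_in_sla": [], "closed_late": []}
    for f in findings:
        due = due_date(f)
        if f["status"] == "Closed" and f["closed_on"] is not None:
            bucket = "closed_in_sla" if f["closed_on"] <= due else "closed_late"
        elif as_of > due:
            bucket = "overdue"
        else:
            bucket = "open"
        report[bucket].append(f["finding_id"])
    return report


def scan_cadence_gaps(scan_dates, max_gap_days):
    """Return (previous, next, gap_days) for consecutive scans further apart than policy allows.

    Supports the "scan periodically" evidence: an empty result means the
    scanning cadence was kept over the whole period.
    """
    ordered = sorted(_to_date(d) for d in scan_dates)
    gaps = []
    for prev, nxt in zip(ordered, ordered[1:]):
        gap = (nxt - prev).days
        if gap > max_gap_days:
            gaps.append((prev.isoformat(), nxt.isoformat(), gap))
    return gaps


if __name__ == "__main__":
    findings = parse_findings(SAMPLE_CSV)
    print(remediation_report(findings, "2024-02-01"))
    # Constructed scan history with one gap beyond an assumed 30-day cadence.
    print(scan_cadence_gaps(["2023-11-01", "2023-12-01", "2024-01-15"], 30))
```

Run against the embedded sample as of 2024-02-01, the report shows F-001 and F-004 overdue, F-002 closed within its deadline, and F-003 and F-005 still inside their windows; the scan history shows one 45-day gap. Exporting this per assessment period, alongside the raw scanner reports, is the kind of closure evidence the paragraph above refers to.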
