Risk Management - Level 3
CMMC RM.3.147 - Manage Non-Vendor-Supported Products
Requirement text: RM.3.147: Manage non-vendor-supported products (e.g., end of life) separately and restrict as necessary to reduce risk. DISCUSSION FROM SOURCE: CMMC Unsupported products are products that are no longer supported by the vendor. ...
CMMC RM.3.146 - Implement Risk Mitigation Plans
Requirement text: RM.3.146: Develop and implement risk mitigation plans. DISCUSSION FROM SOURCE: CERT RMM V1.2 When the consequences of risk exceed the organization’s risk thresholds and are determined to be unacceptable, the organization must act to ...
CMMC RM.3.144 - Perform Risk Assessments Periodically
Requirement text: RM.3.144: Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources, and risk measurement criteria. DISCUSSION FROM SOURCE: NIST CSF V1.1 The organization ...