AC.L2-3.11.1[d] — Risk Assessment (Risk Assessments)
Domain: Risk Assessment (RA) | Practice: RA.L2-3.11.1 | Objective ID: 3.11.1[d]
Assessment Objective: Risk assessment results are documented.
Executive Summary
CMMC objective AC.L2-3.11.1[d] requires that risk assessment findings be documented in formal reports identifying threats, vulnerabilities, likelihood, and impacts. This documentation supports C3PAO evaluation during Level 2 assessments.
What the Objective Requires
A documented control implementation addressing the requirement that risk assessment results are documented.
A named control owner accountable for AC.L2-3.11.1[d].
Formal risk assessment documentation maintained in a GRC platform or secure repository.
Evidence showing risk reports generated, reviewed, and approved on a defined cadence.
Mapping to NIST SP 800-53 RA controls.
How Northern Data Solutions Helps
NDS delivers Cyberwatch assessments and Compliance-as-a-Service platforms to ensure risk documentation is current, comprehensive, and audit-ready.