
AC.L2-3.11.1[e] — Risk Assessment (Risk Assessments)

Domain: Risk Assessment (RA) | Practice: RA.L2-3.11.1 | Objective ID: 3.11.1[e]

Assessment Objective: Risk assessment results are used to inform risk management decisions.

Summary

AC.L2-3.11.1[e] requires that organizations use risk assessment outputs to prioritize security investments, justify control implementations, and make risk acceptance decisions with appropriate authority. Evidence of this usage is critical for CMMC Level 2 compliance.

Key Requirements

- Documented process for risk-driven decision making.
- Evidence that risk assessments inform security budgets and control prioritization.
- Executive sign-off on risk acceptance decisions.
- Cross-linking of mitigation strategies to risk findings.
- Regular review of risk-based decisions by leadership.

How NDS Helps

Cyberwatch, Cyberwatch Advanced, and Compliance-as-a-Service platforms help organizations maintain audit trails showing how risk results drive organizational decisions.