RA.L2-3.11.2[a] — Risk Assessment (Vulnerability Assessments)
Domain: Risk Assessment (RA) | Practice: RA.L2-3.11.2 | Objective ID: 3.11.2[a]
Assessment Objective: Vulnerabilities are identified and documented.
Summary
RA.L2-3.11.2[a] requires organizations to identify and document system and software vulnerabilities through periodic vulnerability assessments. Organizations must maintain a vulnerability registry tied to CUI systems.
Key Requirements
Documented vulnerability scanning process.
Automated scanning tools configured and operational.
Vulnerability database or registry maintained.
Regular assessment cadence (at least annual).
Cross-references to remediation efforts and POA&M.
NDS Support
Cyberwatch provides third-party vulnerability assessment and validation services to support RA.L2-3.11.2[a] compliance.