RA.L2-3.11.2[d] — Risk Assessment (Vulnerability Assessments)
Domain: Risk Assessment (RA) | Practice: RA.L2-3.11.2 | Objective ID: 3.11.2[d]
Assessment Objective: Remediations for discovered vulnerabilities are tracked.
Summary
RA.L2-3.11.2[d] requires organizations to track the status of vulnerability remediation efforts through a Plan of Action and Milestones (POA&M), tickets, or an equivalent tracking mechanism. Organizations must demonstrate closure of vulnerabilities or active mitigation strategies.
Key Requirements
- Documented POA&M or issue tracking system.
- Each vulnerability linked to remediation action.
- Target closure dates established.
- Status tracking with periodic updates.
- Executive oversight of open items.
- Evidence of completed remediations.
NDS Support
NDS Compliance-as-a-Service includes POA&M management and vulnerability tracking integrated with assessment findings.