RA.L2-3.11.2[e] — Risk Assessment (Vulnerability Assessments)
Domain: Risk Assessment (RA) | Practice: RA.L2-3.11.2 | Objective ID: 3.11.2[e]
Assessment Objective: Organizational vulnerabilities are periodically assessed.
Summary
RA.L2-3.11.2[e] requires that vulnerability assessments be conducted on a regular, recurring schedule to identify newly introduced vulnerabilities and maintain a consistent security posture. A documented assessment cadence (at minimum annual) is essential for compliance.
Key Requirements
Documented vulnerability assessment schedule. Regular assessment execution (at minimum annual). Assessment tools configured and maintained. Evidence of assessment runs with timestamps. Coverage of all CUI systems. Trending analysis of vulnerability counts over time.
NDS Support
Cyberwatch provides recurring vulnerability assessment services aligned with customer CMMC compliance timelines and schedules.