Risk Assessment.

Periodic risk assessments, vulnerability scanning, and remediating what you find.

3.11.1 Assess Your Risks. RA.L2-3.11.1 · Risk Assessments Formal risk assessments at defined intervals — threats, vulnerabilities, likelihood, impact. 3 pts 3.11.2 Scan for Vulnerabilities. RA.L2-3.11.2 · Vulnerability Scan Regular vulnerability scans plus ad-hoc scans when new critical vulnerabilities are disclosed. 1 pts 3.11.3 Fix What You Find. RA.L2-3.11.3 · Vulnerability Remediation Remediate vulnerabilities prioritized by risk — critical first, tracked to closure. 1 pts