CMMC 1.0 Practice RM.2.141 Requirement:

Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of “Controlled Unclassified Information” (CUI).

CMMC 1.0 RM.2.141 Requirement Explanation:

By assessing risks to your organization you can come up with plans to mitigate risk thus protecting your business operations.

Example CMMC 1.0 RM.2.141 Implementation:

Conduct a risk assessment to identify risks to your company's business operations. This includes reviewing how common threats such as natural disasters and cyber attacks can impact your business operations and your “Controlled Unclassified Information” (CUI). Document your findings in a risk assessment report. Periodically perform risks assessments, perhaps annually.

CMMC 1.0 RM.2.141 Scenario(s):

- Scenario 1:

You decide to conduct a risk assessment to determine whether or not you should store “Controlled Unclassified Information” (CUI) on your local file server or with a cloud service provider. You list out common threats such as natural disasters, power outages, and malware infections and decide which solution has the least risk. Storing it locally on your file server or in the cloud.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.