CMMC 1.0 Practice RM.3.146 Requirement:

Develop and implement risk mitigation plans.

CMMC 1.0 RM.3.146 Requirement Explanation:

When the consequences of risk are determined to be unacceptable, you must act to address it. Addressing risk requires the development of a plan. Risk response will require adjustments to your current security strategies. Not all risk can be mitigated. You need to address residual risk—the risk that remains and is accepted by the organization after response plans are implemented.

Example CMMC 1.0 RM.3.146 Implementation:

Determine how you will deal with the risks identified in your risk assessment report. Create a plan specifying how you will address the risks. Options include risk avoidance, acceptance, monitoring, transfer, and mitigation. Determine the actions you will take to limit risk, security controls you plan to put in place, and the resources needed to implement the plan.

CMMC 1.0 RM.3.146 Scenario(s):

- Scenario 1:

After reviewing your risk assessment report, management instructs you to address the high-risk items. You develop a plan to address the risks and implement it.
