CMMC 1.0 Practice RM.3.146 Requirement:

Develop and implement risk mitigation plans.

CMMC 1.0 RM.3.146 Requirement Explanation:

When the consequences of risk are determined to be unacceptable, you must act to address it. Addressing risk requires the development of a plan. Risk response will require adjustments to your current security strategies. Not all risk can be mitigated. You need to address residual risk, the risk that remains and is accepted by the organization after response plans are implemented.

Example CMMC 1.0 RM.3.146 Implementation:

Determine how you will deal with the risks identified in your risk assessment report. Create a plan specifying how you will address the risks. Options include risk avoidance, acceptance, monitoring, transfer, and mitigation. Determine the actions you will take to limit risk, security controls you plan to put in place, and the resources needed to implement the plan.

CMMC 1.0 RM.3.146 Scenario(s):

- Scenario 1:

After reviewing your risk assessment report, management instructs you to address the high-risk items. You develop a plan to address the risks and implement it.
 
