NIST SP 800-171 & CMMC 2.0 Control 3.11.2 Requirement:

Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. Solutions like Nessus can be used to meet this requirement. Ensure that you scan for vulnerabilities on all devices connected to the network, including servers, desktops, laptops, virtual machines, containers, firewalls, switches, and printers.

NIST SP 800-171 & CMMC 2.0 3.11.2 Requirement Explanation:

A vulnerability scanner is an application that identifies vulnerabilities in systems. Most vulnerability scanners can create a prioritized list of vulnerabilities ordered by their level of severity. All assets that are within the scope of the CMMC assessment must be scanned, including assets such as laptop computers that may not routinely connect to an organization’s network.

Example NIST SP 800-171 & CMMC 2.0 3.11.2 Implementation:

Use a vulnerability scanner to periodically (e.g. bi-weekly) scan systems on your internal and external network.

NIST SP 800-171 & CMMC 2.0 3.11.2 Scenario(s):

- Scenario 1:

You have purchased a vulnerability scanner to identify vulnerabilities in your systems. You configure it to scan everything on your network once a month. You also configure your scanner to update its signature database before each scan. You document the results of your scans so that you can mitigate the scan findings.
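One way to verify that scanning actually covers every in-scope asset, as an added example (not from the original page or from any scanner vendor): it compares the asset inventory with the scan records and flags assets that were never scanned, were last scanned longer ago than the chosen interval, or were scanned with a stale signature database. The host names, dates, record layout, and the 14-day and 1-day thresholds are constructed assumptions.

```python
from datetime import date

# Constructed sample inventory of in-scope assets (hypothetical names).
INVENTORY = {
    "srv-file01": "server",
    "fw-edge01": "firewall",
    "lt-sales07": "laptop",   # rarely connected to the office network
    "prn-2f-01": "printer",
}

# Constructed scan records: (asset, scan date, date the scanner's
# signature database was last updated before that scan).
SCAN_LOG = [
    ("srv-file01", date(2024, 5, 13), date(2024, 5, 13)),
    ("srv-file01", date(2024, 5, 27), date(2024, 5, 27)),
    ("fw-edge01", date(2024, 5, 27), date(2024, 5, 6)),
    ("lt-sales07", date(2024, 4, 15), date(2024, 4, 15)),
]

def coverage_gaps(inventory, scan_log, today, max_age_days=14, max_sig_age_days=1):
    """Return {asset: reason} for each in-scope asset without a current scan."""
    # Keep only the most recent scan record per asset.
    latest = {}
    for asset, scanned, sig_updated in scan_log:
        if asset not in latest or scanned > latest[asset][0]:
            latest[asset] = (scanned, sig_updated)

    gaps = {}
    for asset in sorted(inventory):
        if asset not in latest:
            gaps[asset] = "never scanned"
            continue
        scanned, sig_updated = latest[asset]
        scan_age = (today - scanned).days
        sig_age = (scanned - sig_updated).days
        if scan_age > max_age_days:
            gaps[asset] = f"last scan {scan_age} days ago"
        elif sig_age > max_sig_age_days:
            gaps[asset] = f"signatures {sig_age} days old at scan time"
    return gaps

if __name__ == "__main__":
    report = coverage_gaps(INVENTORY, SCAN_LOG, today=date(2024, 6, 3))
    for asset, reason in report.items():
        print(f"{asset} ({INVENTORY[asset]}): {reason}")
```

Keeping the output of each run alongside the scan reports gives a dated record of which assets were missing from a scan cycle.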

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontractor compliance.