CMMC 1.0 Practice RM.2.141 Requirement:
Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of “Controlled Unclassified Information” (CUI).
CMMC 1.0 RM.2.141 Requirement Explanation:
By assessing risks to your organization you can come up with plans to mitigate risk thus protecting your business operations.
Example CMMC 1.0 RM.2.141 Implementation:
Conduct a risk assessment to identify risks to your company's business operations. This includes reviewing how common threats such as natural disasters and cyber attacks can impact your business operations and your “Controlled Unclassified Information” (CUI). Document your findings in a risk assessment report. Periodically perform risks assessments, perhaps annually.
CMMC 1.0 RM.2.141 Scenario(s):
- Scenario 1:
You decide to conduct a risk assessment to determine whether or not you should store “Controlled Unclassified Information” (CUI) on your local file server or with a cloud service provider. You list out common threats such as natural disasters, power outages, and malware infections and decide which solution has the least risk. Storing it locally on your file server or in the cloud.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.