// Level 3 · Controls
Risk Assessment
Periodically assess risks to CUI.
3.11.1High
Periodic Risk Assessment
Periodically assess the risk to organizational operations resulting from CUI processing.
3.11.2High
Vulnerability Scanning
Scan for vulnerabilities in organizational systems and applications periodically.
3.11.3High
Vulnerability Remediation
Remediate vulnerabilities in accordance with risk assessments.