3.11.5e_ODP[1]

  • Determination Statement

    The frequency to assess the effectiveness of security solutions is defined.

  • Requirement

    Assess the effectiveness of security solutions [Assignment: organization-defined frequency] to address anticipated risk to organizational systems and the organization based on current and accumulated threat intelligence.

  • Requirement Discussion

    Threat awareness and risk assessment of the organization are dynamic, continuous, and inform system operations, security requirements for the system, and the security solutions employed to meet those requirements. Threat intelligence (i.e., threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to help provide the necessary context for decision-making) is infused into the risk assessment processes and information security operations of the organization to identify any changes required to address the dynamic threat environment. [SP 800-30] provides guidance on risk assessments, threat assessments, and risk analyses.

More Info

  • Family

    Risk Assessment

NIST 800-172A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!