A CMMC Assessment Team is evaluating an OSC’s implementation of RA.L2-3.11.1 – Risk Assessments. Upon examining the OSC’s Risk Assessment policy, the team learns that the OSC has specified frequencies for assessing risks to organizational operations, assets, and personnel. The results and reviews of risk assessments indicated that assessments are conducted at these defined frequencies. For the OSC’s risk assessment to be accurate, it must consider all of the following except which factor?
Submit