NIST 800-171 R-3.11.1
Periodically Assess Risk
Official citation: 3.11.1
Class: core · Severity: high
Statement of the obligation — verify against source
3.11.1
What it means
Periodically assess the risk to your operations, assets, and people that arises from running your systems and from processing, storing, or transmitting Controlled Unclassified Information (CUI). Risk assessments weigh threats, vulnerabilities, likelihood, and impact, and they inform where to focus your security investments.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.