3.11.3: Remediate vulnerabilities in accordance with risk assessments

Control Family:

Risk Assessment

Control Type:


CSF v1.1 References:


Vulnerabilities discovered, for example, via the scanning conducted in response to 3.11.2, are remediated with consideration of the related assessment of risk. The consideration of risk influences the prioritization of remediation efforts and the level of effort to be expended in the remediation for specific vulnerabilities.