Control Description Data Protection Classification
Level 1 Level 2 Level 3 Level 4
RA-1 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of the University’s data required required essential essential
RA-2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. required required essential essential
RA-3 Remediate vulnerabilities in accordance with risk assessments. essential essential essential essential