This objective confirms that your organization’s risk assessment process isn’t just documented — it’s actively used to evaluate risks to Controlled Unclassified Information (CUI). You must demonstrate that your team follows the process consistently and that results lead to meaningful actions.