SP6 Cyber Risk Professionals present a guide for cyber risk assessments and day-to-day cyber risk management.

CMMC wants you to perform periodic risk assessments, meaning at
least once per year. If your organization does not have an existing risk
assessment process, CMMC suggests organizations use NIST SP
800-30, Guide for Conducting Risk Assessments. You can also visit
SP6’s CMMC Resources page for a usable example of how to conduct
a risk assessment, in alignment with NIST SP 800-30.