Acceptable Risk
Senses
Sense 1
Level of residual risk to the organization’s operations, assets, or individuals that falls within the defined risk appetite and risk tolerance by the organization.
References
- NIST CSRC Glossary, "Acceptable Risk", https://csrc.nist.gov/glossary/term/acceptable_risk (Jan 05, 2026). NIST states that most site information is public and may be distributed or copied, except material marked as copyrighted; attribution requested. Verify per-document markings before quoting.
Sense 2
(I)
A risk that is understood and tolerated by a system's user, operator, owner, or accreditor, usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss. (See: adequate security, risk, "second law" under "Courtney's laws".)
References
- IETF RFC 4949, "Internet Security Glossary, Version 2", https://www.rfc-editor.org/rfc/rfc4949.txt (Jan 06, 2026). RFC 4949 is published by the IETF Trust and marked "Distribution of this memo is unlimited". Verify IETF Trust copyright and licensing terms before reuse.