The risk management level that addresses the risk strategy, policies, and procedures for a specific mission or business process (but not the entire organization). Also refers to any element that is meant to be evaluated by Level 2 personnel.

Source: NISTIR 8212 | Category: