Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is/are acceptable or tolerable.

Source: NIST SP 800-160v1r1 | Category: