Those risks that arise from the likelihood that a given operation the system is taking when processing PII could create an adverse effect on individuals—and the potential impact on individuals.

Source: NIST SP 800-53A Rev. 5 | Category: