Portion of risk remaining after controls/countermeasures have been applied.

Source: NIST SP 800-161r1-upd1 | Category: