[2/27/24, 11:00 AM EST] CSRC has been experiencing technical issues. If you are unable to access a CSRC page or resource, or get a 503 error, please try reloading the page several times--it may help to wait a few minutes before trying again. We apologize for the inconvenience, and hope to have a solution in place next week.
the level of Residual Risk that has been determined to be a reasonablelevel of potential loss/disruption for a specific IT system. (See Total Risk, Residual Risk, and Minimum Level of Protection.)
NIST SP 800-16
A level of residual risk to the organization’s operations, assets, or individuals that falls within the defined risk appetite and risk tolerance by the organization.
NIST SP 800-161r1