A decision, action, or practice intended to reduce the level of risk associated with one or more threat events, threat scenarios, or vulnerabilities.
Sources:
NIST SP 800-160 Vol. 2 Rev. 1
The temporary reduction or lessening of the impact of a vulnerability or the likelihood of its exploitation.
Sources:
NIST SP 800-216