Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is/are acceptable or tolerable.
Sources:
NIST SP 800-160v1r1 from ISO Guide 73