U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Computer Security Resource Center

Computer Security Resource Center

    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

risk tolerance

Definition(s):

  The organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives. Note: Risk tolerance can be influenced by legal or regulatory requirements.
Source(s):
NIST SP 800-160 Vol. 1 from ISO Guide 73

  The organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives. Note: Risk tolerance can be influenced by legal or regulatory requirements.
Source(s):
NIST SP 800-160 Vol. 1 from ISO Guide 73

  The level of risk an entity is willing to assume in order to achieve a potential desired result.
Source(s):
NIST SP 800-137 under Risk Tolerance from NISTIR 7298
NIST SP 800-137A from NIST SP 800-137
CNSSI 4009-2015 [Superseded] from NIST SP 800-32
NIST SP 800-32 [Withdrawn] under Risk Tolerance

  The level of risk or the degree of uncertainty that is acceptable to an organization.
Source(s):
NIST SP 800-53 Rev. 5 from NIST SP 800-39
NIST SP 800-53A Rev. 5 from NIST SP 800-39

  The organization’s or stakeholder’s readiness to bear the remaining risk after responding to or considering the risk in order to achieve its objectives.
Source(s):
NIST SP 800-161r1 from NISTIR 8286 - adapted

  Risk tolerance is the degree of risk or uncertainty that is acceptable to an organization.
Source(s):
NISTIR 8170 under Risk Tolerance from NIST SP 800-37

  The level of risk that the Manufacturer is willing to accept in pursuit of strategic goals and objectives.
Source(s):
NISTIR 8183 under Risk Tolerance from NIST SP 800-53
NISTIR 8183 Rev. 1 under Risk Tolerance from NIST SP 800-53 Rev. 4
NISTIR 8183A Vol. 1 under Risk Tolerance from NIST SP 800-53
NISTIR 8183A Vol. 2 under Risk Tolerance from NIST SP 800-53
NISTIR 8183A Vol. 3 under Risk Tolerance from NIST SP 800-53

  The level of risk or degree of uncertainty that is acceptable to organizations.
Source(s):
NIST Privacy Framework Version 1.0 under Risk Tolerance from NIST SP 800-39

  The organization’s or stakeholder’s readiness to bear the remaining risk after risk response in order to achieve its objectives, with the consideration that such tolerance can be influenced by legal or regulatory requirements.
Source(s):
NISTIR 8286 under Risk Tolerance from ISO Guide 73