Authorisation and Risk Acceptance

  • Establish a formal risk authorisation process, where senior leadership evaluates residual risks and determines risk appetite.

  • Document risk acceptance decisions and mitigation plans.

  • Reference: NIST SP 800-37