Establish a formal risk authorisation process, where senior leadership evaluates residual risks and determines risk appetite.
Document risk acceptance decisions and mitigation plans.
Reference: NIST SP 800-37