# Term:Residual Risk

## CNSSI 4009

Residual Risk - Portion of risk remaining after security measures have been applied.

## DoDI 8510.01

Residual Risk - See Reference (v). E2.52.

## GAO-09-232G

Residual Risk - Portion of risk remaining after security measures have been applied.

## NIST IR 7298

Residual Risk - The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat. SOURCE: SP 800-33

## NIST SP 800-16

Residual Risk - The potential for the occurrence of an adverse event after adjusting for the impact of all in-place safeguards. (See Total Risk, Acceptable Risk, and Minimum Level of Protection.)

## NIST SP 800-33

Residual Risk - The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat.

## NIST SP 800-64r2

Residual Risk - The remaining potential risk after all IT security measures are applied. There is a residual risk associated with each threat. SOURCE: SP 800-33

## NSTISSI 1000

Residual Risk - Portion of risks remaining after security measures have been applied.