Risk tolerance

noun · candidate · updated May 9, 2026

The level of risk an entity is willing to assume in order to achieve a potential desired result.

Framework senses

ISACA Cybersecurity Glossary · 1 sense
§1
The acceptable level of variation that management is willing to allow for any particular risk as the enterprise pursues its objectives.
NIST Cybersecurity Framework · 1 sense
§1
The level of risk an entity is willing to assume in order to achieve a potential desired result.
CPMI-IOSCO Guidance on Cyber Resilience for Financial Market Infrastructures · 1 sense
§1
The amount and type of risk that an organisation is willing to take in order to meet its strategic objectives (may also be referred to as “risk appetite”).
NISTIR 7298: Glossary of Key Information Security Terms, Revision 2 · 2 senses
§1
The level of risk an entity is willing to assume in order to achieve a potential desired result.
§2 · sense_2_pending_review
The defined impacts to an enterprise’s information systems that an entity is willing to accept.
CNSSI-4009 (Glossary of Information Assurance Terms) · 1 sense
§1
The defined impacts to an enterprise’s information systems that an entity is willing to accept.
NIST SP 800-32 · 1 sense
§1
The level of risk an entity is willing to assume in order to achieve a potential desired result.
NIST AI RMF 1.0 · 1 sense
§1
Risk tolerance refers to the organization’s or AI actor’s ... readiness to bear the risk in order to achieve its objectives. Risk tolerance can be influenced by legal or regulatory requirements.