The security related-considerations from the Risk Executive which
the AO deems relevant and affects the final authorization decision. These considerations
are viewed from
organization-wide perspective with regard to the overall strategic goals and objectives
in carrying out the mission
and business functions. (e.g., organizational risk tolerance, organization?s overall
risk mitigation strategy, core
mission and business requirements, dependencies among systems, ongoing risk monitoring
requirements, and other types
of risks not directly associated with the system or its environment of operation)
Source: CNSSI-1254 appendix C Authorization Decision Document
Data elements #6, NIST SP 800-37