Which of the following statements correctly describes DIACAP residual risk?
It is the remaining risk to the information system after risk palliation has occurred.
It is a process of security authorization.
It is the technical implementation of the security design.
It is used to validate the information system.