Which of the following statements correctly describes DIACAP residual risk?
A.
It is the remaining risk to the information system after risk palliation has occurred.
B.
It is a process of security authorization.
C.
It is the technical implementation of the security design.
D.
It is used to validate the information system.