http://www.fcw.com/fcw/articles/2003/0922/web-nist-09-22-03.asp "NIST will later tie this to guidance for the appropriate level of security, depending on the assigned level of risk."
Maybe we will have a scale to define the mythical "security risk"?!
