In cybersecurity, a waiver is an official authorization that allows an individual or organization to bypass a specific security policy, rule, or requirement under defined conditions. Waivers are typically granted after a risk assessment and are documented to ensure accountability and oversight. They are used when compliance with a particular control is impractical or impossible, but the associated risks are understood and accepted by the appropriate authority. Waivers are time-bound and subject to periodic review to ensure that the exception remains justified and does not expose the organization to unacceptable risk.