Risk Treatment
You may select the security measures you use to treat risk, and the security measures you use for compliance.
For PILAR collection of safeguards,
- users may completely ignore them
- or see them, but do not use them to treat risk
- or see, and apply them to treat risk
For NIST 800-53 rev.5 collection of safeguards,
- users may completely ignore them
- or see them, but do not use them to treat risk
- or see, and apply them to treat risk