Cybersecurity goals are specified. Cybersecurity requirements are derived from cybersecurity goals. Consistency and bidirectional traceability are maintained between cybersecurity requirements and goals and between the cybersecurity goals and the threat scenarios. The cybersecurity requirements are agreed and communicated to all affected parties.
