Risk treatment verification measures are developed. Verification measures are selected according to the release scope. The implementation of the design and the integration of the components is verified. Verification results are recorded. Consistency and bidirectional traceability are established between the risk treatment verification measures and the cybersecurity requirements, as well as between the risk treatment verification measures and the refined architectural design, detailed design and software units. Bidirectional traceability is established between the verification results and the risk treatment verification measures. The results of the risk treatment verification are summarized and communicated to all affected parties.
