Risk treatment validation measures are specified based on the cybersecurity goals. Validation measures are selected according to defined criteria, including criteria for regression validation. The integrated system is validated using the specified validation measures, and the results of the validation are recorded. Consistency and bidirectional traceability are established between the validation measures and the cybersecurity goals; and bidirectional traceability is established between validation results and validation measures. The results of the risk treatment validation are summarized and communicated to all affected parties.
