Cybersecurity requirements are derived from cybersecurity goals Risk treatment verification is specified and performed Activities are identified and documented to validate cybersecurity goals and validation results are recorded Traceability is established between the cybersecurity goals and validation results Traceability is established between cybersecurity requirements and goals, and between the cybersecurity requirements and risk treatment verification specification
