You may select the security measures you use to treat risk, and the security measures you use for compliance.

For PILAR collection of safeguards,

·       users may completely ignore them

·       or see them, but do not use them to treat risk

·       or see, and apply them to treat risk

For NIST 800-53 rev.5 collection of safeguards,

·       users may completely ignore them

·       or see them, but do not use them to treat risk

·       or see, and apply them to treat risk