Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.