Identification should state that preventions and protections against cyber-attacks change as the targets, vulnerabilities, and threats change.

Identification should state that each vulnerability will have its own unique set of preventions and protections, and should include, but not be limited to the following: