Risk Treatment is done for each combination of damage- and threat scenarioscenarios. In the TARA table, open the nested table for threat scenarios of any damage scenario. Right to group To the right of Threat Scenario, you find the Risk Values group, showing the derived risk level for any rated impact category.
...
Option: Select a risk treatment option.
Claim: The drop-down provides all cybersecurity claims available in the corresponding catalog.
CAL: Manually set a cybersecurity assurance level (Note: In future versions this will be calculated).
Reduce risk value to: Set a risk value as a target for any risk mitigation activity.
Security Goal: The drop-down provides all cybersecurity goals available in the project.
...
Risk treatment option
For each threat scenario a risk treatment option can be selected in column Option. You have a choice of
avoiding the risk,
reducing the risk,
sharing the risk, and
retaining the risk.
Avoiding the risk: No further action needed.
Reducing the Risk:
(optional) Select the target risk value in column Reduce risk to.
Select a cybersecurity goal (CSG) by double clicking in a cell of column Security Goal and select from drop-down list.
Sharing or retaining the risk:
...