Guardrails and Governance 7. Security for the Full Lifecycle – Risk analysis and confidentiality, integrity, and availability assurances must be sustained for the lifetime of the data, transaction, or relationship. Asset sensitivity must be reduced where possible (removing sensitive/regulated data, privileges, etc.), and assurances should be provided for the risk of data in use, in-flight, and at rest.