5.2.2 -The repository shall have implemented controls to adequately address each of the defined security risks.