C1 seems appropriate as the risk is not inherent to all deployments and there are multiple ways to prevent/mitigate where needed.
C1 seems appropriate as the risk is not inherent to all deployments and there are multiple ways to prevent/mitigate where needed.