Decrypting the Security Risk Analysis Requirement for MU