Which term describes safeguards and countermeasures commensurate with the level of risk?

Multiple Choice

Which term describes safeguards and countermeasures commensurate with the level of risk?

Explanation:
The idea here is that security measures should be proportional to the risk they’re meant to mitigate. When risk is assessed, the safeguards chosen should be adequate to bring the residual risk down to an acceptable level, meaning they’re appropriate in strength and scope for the threat landscape and potential impact. This concept is captured by the term adequate controls, which describes safeguards that are sufficient to address the level of risk without being excessive.

Acceptable risk, by contrast, refers to the amount of risk an organization is willing to tolerate after controls are applied, not the controls themselves. Availability concerns system uptime, not the proportionality of safeguards to risk. Compliance relates to meeting external or internal requirements, which may drive the choice of controls but not directly define their proportionality to risk.
