Perform a risk assessment and obtain an approved waiver in accordance with established policy of not updating authentication controls due to system limitations. Design and implement relevant compensatory controls if necessary.