Skip to content

Commit 1e7ef74

Browse files
committed
docs: update thread model after review
1 parent 9947d5b commit 1e7ef74

2 files changed

Lines changed: 373 additions & 12 deletions

File tree

docs/templates/threat-model.md.j2

Lines changed: 19 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,13 @@ The system is decomposed into the following trust boundaries. Data crossing a bo
9595
| {{ item['custom:title'] }} | {{ utils.reencode(item.description) }} |
9696
{%- endfor %}
9797

98+
## Trust assumptions
99+
100+
The threat analysis relies on the following assumptions about each trust boundary.
101+
102+
{% for id, item in sbdl.items() if item.type == 'trust_boundary' -%}
103+
- **{{ item['custom:title'] }}:** {{ utils.reencode(item['custom:assumption']) }}
104+
{% endfor %}
98105
# Actors
99106

100107
| Actor | Type | Trust boundary | Description |
@@ -175,8 +182,6 @@ The diagram below shows the system decomposed into its trust boundaries, with th
175182

176183
{{ utils.reencode(threat.description) }}
177184

178-
{{ utils.reencode(threat.remark) }}
179-
180185
**Attack vector**
181186

182187
{{ utils.reencode(cause.description) }}
@@ -218,6 +223,17 @@ The table below ranks all identified threats by their Risk Priority Number (RPN)
218223
| {{ row.tid }} | {{ row.stride }} | {{ row.s }} | {{ row.o }} | {{ row.d }} | {{ row.rpn }} | {{ row.rpn_post }} | {{ row.risk }} |
219224
{%- endfor %}
220225

226+
# Control evidence
227+
228+
Each threat's mitigation is backed by objective, reviewable evidence in the repository, supporting audit and regulatory review.
229+
230+
| Threat | Control status | Evidence |
231+
|--------|----------------|----------|
232+
{%- for id, threat in sbdl.items() if threat.type == 'threat' %}
233+
{%- set control = sbdl[threat['fmea:control'][0].identifier] %}
234+
| {{ threat['custom:threat_id'] }} | {{ control['custom:status'] }} | {{ utils.reencode(control['custom:evidence']) if 'custom:evidence' in control else '—' }} |
235+
{%- endfor %}
236+
221237
# Residual risk and planned actions
222238

223239
The following actions are planned to further reduce residual risk.
@@ -247,4 +263,4 @@ The following actions are planned to further reduce residual risk.
247263
| Low | {{ counts.low }} |
248264
| **Total** | **{{ counts.total }}** |
249265

250-
All high-risk threats have implemented, verifiable mitigations. Residual risk is tracked through the project's standard change control process and re-evaluated whenever the model or its source material changes.
266+
Every identified threat has a documented mitigation with traceable evidence, summarised in the Control evidence section. High-risk threats whose controls are only partially implemented carry planned actions listed under Residual risk and planned actions. Residual risk is tracked through the project's standard change control process and re-evaluated whenever the model or its source material changes.

0 commit comments

Comments
 (0)