R008. Generate system threat model


The organization must generate a threat model for the system, identifying all potential threats and covering STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).


  1. GDPR. Recital 76: Risk assessment.

  2. HIPAA Security Rules 164.308(a)(1)(ii)(A): Risk Analysis: Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.

  3. HIPAA Security Rules 164.310(a)(2)(ii): Facility Security Plan: Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy