REQ.008 Generate system threat model

This document details the security requirements related to a company's information assets. This requirement establishes the importance of defining a system threat model that covers STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).

Requirement

The organization must generate a threat model for the system, identifying all potential threats and covering STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).

References

  1. HIPAA Security Rules 164.308(a)(1)(ii)(A): Risk Analysis: Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.

  2. HIPAA Security Rules 164.310(a)(2)(ii): Facility Security Plan: Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.

  3. OWASP-ASVS v3.1-1.6: A threat model for the application and the associated remote services has been produced that identifies potential threats and countermeasures.

