| ID | Name | IG1 | IG2 | IG3 | Threats |
|---|---|---|---|---|---|
| 16.13 | Alert on Account Login Behavior Deviation | | | | STRIDE-LM |
| 17 | Implement a Security Awareness and Training Program | | | | STRIDE-LM |
| 17.1 | Perform a Skills Gap Analysis | | | | STRIDE-LM |
| 17.2 | Deliver Training to Fill the Skills Gap | | | | STRIDE-LM |
| 17.3 | Implement a Security Awareness Program | | | | STRIDE-LM |
| 17.4 | Update Awareness Content Frequently | | | | STRIDE-LM |
| 17.5 | Train Workforce on Secure Authentication | | | | STRIDE-LM |
| 17.6 | Train Workforce on Identifying Social Engineering Attacks | | | | STRIDE-LM |
| 17.7 | Train Workforce on Sensitive Data Handling | | | | STRIDE-LM |
| 17.8 | Train Workforce on Causes of Unintentional Data Exposure | | | | STRIDE-LM |
| 17.9 | Train Workforce Members on Identifying and Reporting Incidents | | | | STRIDE-LM |
| 18 | Application Software Security | | | | STRIDE-LM |
| 18.1 | Establish Secure Coding Practices | | | | STRIDE-LM |
| 18.2 | Ensure That Explicit Error Checking is Performed for All In-House Developed Software | | | | STRIDE-LM |
| 18.3 | Verify That Acquired Software is Still Supported | | | | STRIDE-LM |
| 18.4 | Only Use Up-to-Date and Trusted Third-Party Components | | | | STRIDE-LM |
| 18.5 | Use Only Standardized and Extensively Reviewed Encryption Algorithms | | | | STRIDE-LM |
| 18.6 | Ensure Software Development Personnel are Trained in Secure Coding | | | | STRIDE-LM |
| 18.7 | Apply Static and Dynamic Code Analysis Tools | | | | STRIDE-LM |
| 18.8 | Establish a Process to Accept and Address Reports of Software Vulnerabilities | | | | STRIDE-LM |
| 18.9 | Separate Production and Non-Production Systems | | | | STRIDE-LM |
| 18.10 | Deploy Web Application Firewalls | | | | STRIDE-LM |
| 18.11 | Use Standard Hardening Configuration Templates for Databases | | | | STRIDE-LM |
| 19 | Incident Response and Management | | | | STRIDE-LM |
| 19.1 | Document Incident Response Procedures | | | | STRIDE-LM |
| 19.2 | Assign Job Titles and Duties for Incident Response | | | | STRIDE-LM |
| 19.3 | Designate Management Personnel to Support Incident Handling | | | | STRIDE-LM |
| 19.4 | Devise Organization-wide Standards for Reporting Incidents | | | | STRIDE-LM |
| 19.5 | Maintain Contact Information For Reporting Security Incidents | | | | STRIDE-LM |
| 19.6 | Publish Information Regarding Reporting Computer Anomalies and Incidents | | | | STRIDE-LM |
| 19.7 | Conduct Periodic Incident Scenario Sessions for Personnel | | | | STRIDE-LM |
| 19.8 | Create Incident Scoring and Prioritization Schema | | | | STRIDE-LM |
| 20 | Penetration Tests and Red Team Exercises | | | | STRIDE-LM |
| 20.1 | Establish a Penetration Testing Program | | | | STRIDE-LM |
| 20.2 | Conduct Regular External and Internal Penetration Tests | | | | STRIDE-LM |
| 20.3 | Perform Periodic Red Team Exercises | | | | STRIDE-LM |
| 20.4 | Include Tests for Presence of Unprotected System Information and Artifacts | | | | STRIDE-LM |
| 20.5 | Create Test Bed for Elements Not Typically Tested in Production | | | | STRIDE-LM |
| 20.6 | Use Vulnerability Scanning and Penetration Testing Tools in Concert | | | | STRIDE-LM |
| 20.7 | Ensure Results from Penetration Test are Documented Using Open, Machine-readable Standards | | | | STRIDE-LM |
| 20.8 | Control and Monitor Accounts Associated with Penetration Testing | | | | STRIDE-LM |