| ID | Name | IG1 | IG2 | IG3 | Threats |
|----|------|-----|-----|-----|---------|
| 11.5 | Test Data Recovery | | | | STRIDE-LM |
| 12 | Network Infrastructure Management | | | | STRIDE-LM |
| 12.1 | Ensure Network Infrastructure is Up-to-Date | | | | STRIDE-LM |
| 12.2 | Establish and Maintain a Secure Network Architecture | | | | STRIDE-LM |
| 12.3 | Securely Manage Network Infrastructure | | | | STRIDE-LM |
| 12.4 | Establish and Maintain Architecture Diagram(s) | | | | STRIDE-LM |
| 12.5 | Centralize Network Authentication, Authorization, and Auditing (AAA) | | | | STRIDE-LM |
| 12.6 | Use of Secure Network Management and Communication Protocols | | | | STRIDE-LM |
| 12.7 | Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise's AAA Infrastructure | | | | STRIDE-LM |
| 12.8 | Establish and Maintain Dedicated Computing Resources for All Administrative Work | | | | STRIDE-LM |
| 13 | Network Monitoring and Defense | | | | STRIDE-LM |
| 13.1 | Centralize Security Event Alerting | | | | STRIDE-LM |
| 13.2 | Deploy a Host-Based Intrusion Detection Solution | | | | STRIDE-LM |
| 13.3 | Deploy a Network Intrusion Detection Solution | | | | STRIDE-LM |
| 13.4 | Perform Traffic Filtering Between Network Segments | | | | STRIDE-LM |
| 13.5 | Manage Access Control for Remote Assets | | | | STRIDE-LM |
| 13.6 | Collect Network Traffic Flow Logs | | | | STRIDE-LM |
| 13.7 | Deploy a Host-Based Intrusion Prevention Solution | | | | STRIDE-LM |
| 13.8 | Deploy a Network Intrusion Prevention Solution | | | | STRIDE-LM |
| 13.9 | Deploy Port-Level Access Control | | | | STRIDE-LM |
| 13.10 | Perform Application Layer Filtering | | | | STRIDE-LM |
| 13.11 | Tune Security Event Alerting Thresholds | | | | STRIDE-LM |
| 14 | Security Awareness and Skills Training | | | | STRIDE-LM |
| 14.1 | Establish and Maintain a Security Awareness Program | | | | STRIDE-LM |
| 14.2 | Train Workforce Members to Recognize Social Engineering Attacks | | | | STRIDE-LM |
| 14.3 | Train Workforce Members on Authentication Best Practices | | | | STRIDE-LM |
| 14.4 | Train Workforce on Data Handling Best Practices | | | | STRIDE-LM |
| 14.5 | Train Workforce Members on Causes of Unintentional Data Exposure | | | | STRIDE-LM |
| 14.6 | Train Workforce Members on Recognizing and Reporting Security Incidents | | | | STRIDE-LM |
| 14.7 | Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates | | | | STRIDE-LM |
| 14.8 | Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks | | | | STRIDE-LM |
| 14.9 | Conduct Role-Specific Security Awareness and Skills Training | | | | STRIDE-LM |
| 15 | Service Provider Management | | | | STRIDE-LM |
| 15.1 | Establish and Maintain an Inventory of Service Providers | | | | STRIDE-LM |
| 15.2 | Establish and Maintain a Service Provider Management Policy | | | | STRIDE-LM |
| 15.3 | Classify Service Providers | | | | STRIDE-LM |
| 15.4 | Ensure Service Provider Contracts Include Security Requirements | | | | STRIDE-LM |
| 15.5 | Assess Service Providers | | | | STRIDE-LM |
| 15.6 | Monitor Service Providers | | | | STRIDE-LM |
| 15.7 | Securely Decommission Service Providers | | | | STRIDE-LM |
| 16 | Application Software Security | | | | STRIDE-LM |
| 16.1 | Establish and Maintain a Secure Application Development Process | | | | STRIDE-LM |
| 16.2 | Establish and Maintain a Process to Accept and Address Software Vulnerabilities | | | | STRIDE-LM |
| 16.3 | Perform Root Cause Analysis on Security Vulnerabilities | | | | STRIDE-LM |
| 16.4 | Establish and Manage an Inventory of Third-Party Software Components | | | | STRIDE-LM |
| 16.5 | Use Up-to-Date and Trusted Third-Party Software Components | | | | STRIDE-LM |
| 16.6 | Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities | | | | STRIDE-LM |
| 16.7 | Use Standard Hardening Configuration Templates for Application Infrastructure | | | | STRIDE-LM |
| 16.8 | Separate Production and Non-Production Systems | | | | STRIDE-LM |
| 16.9 | Train Developers in Application Security Concepts and Secure Coding | | | | STRIDE-LM |