IDNameBaselinesPriorityThreats
    LowModerateHigh
    CA-9Internal System Connections
    • P2
    STRIDE-LM
    (1)Security Compliance Checks   
    • P2
    STRIDE-LM
    CM-1Configuration Management Policy And Procedures
    • P1
    STRIDE-LM
    CM-2Baseline Configuration
    • P1
    STRIDE-LM
    (1)Reviews And Updates 
    • P1
    STRIDE-LM
    (2)Automation Support For Accuracy / Currency  
    • P1
    STRIDE-LM
    (3)Retention Of Previous Configurations 
    • P1
    STRIDE-LM
    (6)Development And Test Environments   
    • P1
    STRIDE-LM
    (7)Configure Systems, Components, Or Devices For High-Risk Areas 
    • P1
    STRIDE-LM
    CM-3Configuration Change Control 
    • P1
    STRIDE-LM
    (1)Automated Document / Notification / Prohibition Of Changes  
    • P1
    STRIDE-LM
    (2)Test / Validate / Document Changes 
    • P1
    STRIDE-LM
    (3)Automated Change Implementation   
    • P1
    STRIDE-LM
    (4)Security Representative   
    • P1
    STRIDE-LM
    (5)Automated Security Response   
    • P1
    STRIDE-LM
    (6)Cryptography Management   
    • P1
    STRIDE-LM
    CM-4Security Impact Analysis
    • P2
    STRIDE-LM
    (1)Separate Test Environments  
    • P2
    STRIDE-LM
    (2)Verification Of Security Functions   
    • P2
    STRIDE-LM
    CM-5Access Restrictions For Change 
    • P1
    STRIDE-LM
    (1)Automated Access Enforcement / Auditing  
    • P1
    STRIDE-LM
    (2)Review System Changes  
    • P1
    STRIDE-LM
    (3)Signed Components  
    • P1
    STRIDE-LM
    (4)Dual Authorization   
    • P1
    STRIDE-LM
    (5)Limit Production / Operational Privileges   
    • P1
    STRIDE-LM
    (6)Limit Library Privileges   
    • P1
    STRIDE-LM
    CM-6Configuration Settings
    • P1
    STRIDE-LM
    (1)Automated Central Management / Application / Verification  
    • P1
    STRIDE-LM
    (2)Respond To Unauthorized Changes  
    • P1
    STRIDE-LM
    CM-7Least Functionality
    • P1
    STRIDE-LM
    (1)Periodic Review 
    • P1
    STRIDE-LM
    (2)Prevent Program Execution 
    • P1
    STRIDE-LM
    (3)Registration Compliance   
    • P1
    STRIDE-LM
    (4)Unauthorized Software / Blacklisting  
    • P1
    STRIDE-LM
    (5)Authorized Software / Whitelisting  
    • P1
    STRIDE-LM
    CM-8Information System Component Inventory
    • P1
    STRIDE-LM
    (1)Updates During Installations / Removals 
    • P1
    STRIDE-LM
    (2)Automated Maintenance  
    • P1
    STRIDE-LM
    (3)Automated Unauthorized Component Detection 
    • P1
    STRIDE-LM
    (4)Accountability Information  
    • P1
    STRIDE-LM
    (5)No Duplicate Accounting Of Components 
    • P1
    STRIDE-LM
    (6)Assessed Configurations / Approved Deviations   
    • P1
    STRIDE-LM
    (7)Centralized Repository   
    • P1
    STRIDE-LM
    (8)Automated Location Tracking   
    • P1
    STRIDE-LM
    (9)Assignment Of Components To Systems   
    • P1
    STRIDE-LM
    CM-9Configuration Management Plan 
    • P1
    STRIDE-LM
    (1)Assignment Of Responsibility   
    • P1
    STRIDE-LM
    CM-10Software Usage Restrictions
    • P2
    STRIDE-LM
    (1)Open Source Software   
    • P2
    STRIDE-LM
    CM-11User-Installed Software
    • P1
    STRIDE-LM