16.14: Conduct Threat Modeling

CSF v1.1 References:

PR.AC-5
PR.DS-5
PR.DS-8
PR.IP-7

PF v1.0 References:

PR.PO-P5
PR.AC-P5
PR.DS-P5
PR.DS-P8

Group:

Control is new to this version of the control set.

Control Statement

Conduct threat modeling. Threat modeling is the process of identifying and addressing application security design flaws within a design, before code is created. It is conducted through specially trained individuals who evaluate the application design and gauge security risks for each entry point and access level. The goal is to map out the application, architecture, and infrastructure in a structured way to understand its weaknesses.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4