Threat Assessment
PW.1.1: Use forms of risk modeling – such as threat modeling, attack modeling, or attack surface mapping – to help assess the security risk for the software.
  • Example 1: Train the development team (security champions, in particular) or collaborate with a risk modeling expert to create models and analyze how to use a risk-based approach to communicate the risks and determine how to address them, including implementing mitigations.
  • Example 2: Perform more rigorous assessments for high-risk areas, such as protecting sensitive data and safeguarding identification, authentication, and access control, including credential management.
  • Example 3: Review vulnerability reports and statistics for previous software to inform the security risk assessment.
  • Example 4: Use data classification methods to identify and characterize each type of data that the software will interact with.