Readings
- NIST SP 800-18r1 “Guide for Developing Security Plans for Federal Information Systems”
- FedRAMP System Security Plan (SSP) Low Moderate High Baseline Master Template
- FIPS Pub 199 Standards for Security Categorization of Federal Information and Information Systems
Resource:
- University of Washington Threat Modeling Cards
- Threat Modeling Cards – Human Impact (blue)
- Threat Modeling Cards – Adversary Motivation (orange)
- Threat Modeling Cards – Adversary’s Resources (red)