How to audit mitigated threats
Question
What if I have a mitigation for issues for the indicated model elements?
Answer
When a valid issue has been identified and it has been mitigated, record that in the threat model. For example, in the Microsoft Threat Modeling Tool:
- In the Threat Properties window, for the Status pulldown, select “Mitigated”.
- In the Threat Properties window, for the Justification, write “This threat is valid and has been mitigated. The current design is described in [document name] [document section].”
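
One way to audit the result afterwards, as an added example that is not part of the original page or of the tool: it checks that every threat marked Mitigated has a justification that still points a reviewer to a design document section. It assumes the threat list has been exported to CSV; the column names (`Id`, `Title`, `Status`, `Justification`) and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample of an exported threat list. The column names
# ("Id", "Title", "Status", "Justification") are assumptions; adjust them
# to match the headers in your own export.
SAMPLE_CSV = """Id,Title,Status,Justification
1,Spoofing of the web client,Mitigated,"This threat is valid and has been mitigated. The current design is described in Auth Design Spec section 4.2."
2,Tampering with the order queue,Mitigated,
3,Data store log repudiation,Mitigated,"This threat is valid and has been mitigated. The current design is described in [document name] [document section]."
4,Denial of service on the API,Not Started,
5,Elevation via config change,Mitigated,"Fixed."
"""

# The justification template's placeholders, left unfilled.
PLACEHOLDER = re.compile(r"\[document (?:name|section)\]", re.IGNORECASE)
# Heuristic: a usable justification points at a section of a design document.
SECTION_REF = re.compile(r"(?:\bsection\b|§)\s*\S+", re.IGNORECASE)


def audit_mitigated(csv_text):
    """Return (id, finding) pairs for threats marked Mitigated whose
    justification would not let a reviewer locate the mitigation."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Status") or "").strip().lower() != "mitigated":
            continue  # only mitigated threats are in scope for this audit
        text = (row.get("Justification") or "").strip()
        if not text:
            findings.append((row["Id"], "missing justification"))
        elif PLACEHOLDER.search(text):
            findings.append((row["Id"], "template placeholder not filled in"))
        elif not SECTION_REF.search(text):
            findings.append((row["Id"], "no document section referenced"))
    return findings


if __name__ == "__main__":
    for threat_id, finding in audit_mitigated(SAMPLE_CSV):
        print(f"threat {threat_id}: {finding}")
```
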