Condensed Process
Note
This Condensed Process should only be used if your team has limited time to conduct threat modeling (days instead of weeks). Before using, please review Questions 1 through 4 of the uncondensed process.
Question 1: What are we working on?

Figure: Data Flow Diagram Outline
Develop a top-level Data Flow Diagram (DFD) for your system
Identify critical components and dataflows that, when impacted, would result in mission failure
Question 2: What could go wrong?

Figure: Attack Tree Outline
Analyze your DFD using a structured brainstorming technique (Attack Tree, STRIDE, etc.)
Brainstorm ATT&CK TTPs that could be used to attack the critical components within your DFD
You can gather ideas from TTPs previously used against your tech platform – see the ATT&CK matrix and select by platform or use the Center’s Top ATT&CK Techniques Calculator.
Once you’ve got your list of brainstormed TTPs, check whether your existing security stack is able to defend against them.
Question 3: What are we going to do about it?
Implement the mitigations listed within the ATT&CK page for each brainstormed TTP:

Figure: ATT&CK Mitigations Outline
OR
Implement the NIST 800-53 controls for each brainstormed TTP using CTID’s Mappings Explorer:

Figure: Mappings Explorer Outline
Question 4: Did we do a good job?

Figure: Reevaluate
Periodically repeat this process to evaluate your existing mitigations and make sure they are in sync with the development of your system.
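One way to keep Questions 1 through 3 as a repeatable worksheet is a small gap report that can be re-run at each reevaluation. This is an added example, not part of the original process documentation; the component names and all four data sets are constructed, and the technique-to-mitigation entries are a hand-copied sample subset that should be confirmed against each technique's ATT&CK page.

```python
# Constructed sample data for a hypothetical web application; replace with your own.
# Question 1: DFD components; critical=True means its loss is mission failure.
DFD = {
    "web-frontend": {"critical": True},
    "auth-service": {"critical": True},
    "metrics-dashboard": {"critical": False},
}
# Question 2: ATT&CK technique IDs brainstormed per component.
BRAINSTORMED = {
    "web-frontend": ["T1190", "T1059"],
    "auth-service": ["T1110", "T1078"],
    "metrics-dashboard": ["T1190"],
}
# Question 3: mitigation IDs per technique. Hand-copied sample subset, an
# assumption of this example; confirm each against the technique's ATT&CK page.
MITIGATIONS = {
    "T1190": {"M1030", "M1050", "M1051"},
    "T1110": {"M1027", "M1032", "M1036"},
    "T1078": {"M1018", "M1026", "M1027"},
}
# Mitigations the existing security stack already provides, per component.
IMPLEMENTED = {
    "web-frontend": {"M1051"},
    "auth-service": {"M1027", "M1032", "M1036"},
}

def gap_report(dfd, brainstormed, mitigations, implemented):
    """Return (component, technique, status, missing) rows for critical components."""
    rows = []
    for component, meta in dfd.items():
        if not meta["critical"]:
            continue  # condensed process: spend the limited time on critical parts
        have = implemented.get(component, set())
        for technique in brainstormed.get(component, []):
            wanted = mitigations.get(technique)
            if wanted is None:
                # Brainstormed but never looked up: surface it, do not drop it.
                rows.append((component, technique, "unmapped", []))
                continue
            missing = sorted(wanted - have)
            if not missing:
                status = "covered"
            elif len(missing) == len(wanted):
                status = "uncovered"
            else:
                status = "partial"
            rows.append((component, technique, status, missing))
    return rows

if __name__ == "__main__":
    for row in gap_report(DFD, BRAINSTORMED, MITIGATIONS, IMPLEMENTED):
        print(*row)
```

Rows marked "unmapped" are techniques that were brainstormed but whose mitigations have not yet been looked up, so they stay visible as open work instead of silently counting as covered.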