In this article
- Identify the Stencil (Border) and Element (Name) used in your DFD
- Create a Trust Zone (necessary in this example since). See https://support.iriusrisk.com/hc/en-us/articles/6093686846609-How-to-create-a-trust-zone
- Update the "trustzone:" section of the default mapping file for MTMT
Permissions required
- SYSTEM_SETTINGS_UPDATE (to create a TZ)
Instructions
For this guide, we will use the following DFD as an example:
1. Identify the display name and the associated stencil name:
1.1 Element name Cloud Service uses the Stencil Service Fabric Trust Boundary:
1.2 Element name Internet uses the Stencil Generic Trust Border Boundary:
1.3 Element name Public Cloud uses the Stencil Azure Trust Boundary:
2. Download the default mapping file for MTMT (mtmt_default_mapping_example.yaml) from GitHub
3. Note the attributes used in mapping the trust zones:
label: For OTM, this is the Stencil name.
type: This is the Unique ID of the TZ in IriusRisk*
4. In this example, note the following:
4.1 The DFD contains three border boundaries that use different Stencils, and they are nested (1.2 and 1.3 are nested in 1.1)**
4.2 The default mapping file does not contain a mapping for Service Fabric Trust Boundary
4.3 The default mapping file does not contain a mapping for Azure Trust Boundary.
5. Requirements are (example):
5.1 To map the Service Fabric Trust Boundary border boundary [1.1] to the Public TZ:
5.1.1 Add the following mapping:
- label: Service Fabric Trust Boundary
  type: 6376d53e-6461-412b-8e04-7b3fe2b397de
5.2 To map the Generic Trust Border Boundary border boundary [1.2] to the Internet TZ:
5.2.1 Update the type of the Generic Trust Border Boundary as follows:
- label: Generic Trust Border Boundary
  type: f0ba7722-39b6-4c81-8290-a30a248bb8d9
5.3 To map the border boundary Azure Trust Boundary [1.3] to a TZ with a rating of 50.
The default Public Cloud TZ has a trust rating of 60. Let's say [1.3] was evaluated to have a trust rating of 50.
5.3.1 Create a new TZ in IriusRisk with a trust rating of 50.
5.3.2 Add a mapping for the Azure Trust Boundary as follows:
- label: Azure Trust Boundary
  type: b70b79e9-31fe-4518-8a5c-d1e5b323a296
Notes:
* Since IriusRisk v4.20.1, the "id" field containing the IriusRisk trust zone ID is deprecated. In previous versions the "type" attribute was an additional attribute that was ignored, and the recommendation was to enter the displayed trust zone name in it instead, e.g.:
- label: Azure Trust Boundary
  type: Public Cloud
  id: b70b79e9-31fe-4518-8a5c-d1e5b323a296
** Since IriusRisk v4.20.1, it is possible to have nested trust zones with the same stencil name. Since IriusRisk v4.22, it is possible to have the same stencil name for different trust zones; before that version they would appear as unified in the diagram.
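A pre-import check for the entries edited in step 5, written as an added example (not IriusRisk's own tooling): it reports stencils from the DFD that have no mapping, "type" values that are not a trust zone ID, and the deprecated "id" field. It assumes v4.20.1 or later semantics, trust zone IDs in the UUID form shown on this page, and a simplified line parser rather than a full YAML parser; the function names and the sample text are constructed.

```python
import re
import uuid

# Stencil names of the border boundaries in the example DFD (steps 1.1-1.3).
DFD_STENCILS = ["Service Fabric Trust Boundary",
                "Generic Trust Border Boundary", "Azure Trust Boundary"]

# Constructed sample: the three entries from step 5 as one list.
SAMPLE = """\
- label: Service Fabric Trust Boundary
  type: 6376d53e-6461-412b-8e04-7b3fe2b397de
- label: Generic Trust Border Boundary
  type: f0ba7722-39b6-4c81-8290-a30a248bb8d9
- label: Azure Trust Boundary
  type: b70b79e9-31fe-4518-8a5c-d1e5b323a296
"""

def parse_entries(text):
    """Collect 'key: value' pairs per list entry (simplified, not a YAML parser)."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"^\s*(-\s*)?(\w+):\s*(.*?)\s*$", line)
        if not m:
            continue
        dash, key, value = m.groups()
        if dash:  # a leading dash starts a new entry
            entries.append({})
        if entries:
            entries[-1][key] = value
    return entries

def is_uuid(value):
    # Accept only the canonical hyphenated form used by the IDs on this page.
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def lint(text, stencils=DFD_STENCILS):
    """Return problems: unmapped stencils, non-ID 'type' values, deprecated 'id'."""
    entries = parse_entries(text)
    labels = {e.get("label") for e in entries}
    problems = [f"no mapping for stencil: {s}" for s in stencils if s not in labels]
    for e in entries:
        if not is_uuid(e.get("type", "")):
            problems.append(f"{e.get('label')}: type is not a trust zone ID")
        if "id" in e:
            problems.append(f"{e.get('label')}: deprecated id field")
    return problems
```

Calling `lint()` on the text of the trust zone entries returns an empty list when every stencil in `DFD_STENCILS` is mapped to an ID.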