In this article

• Identify the Stencil (Border) and Element (Name) used in in your DFD
• Create a Trust Zone (necessary in this example since). See https://support.iriusrisk.com/hc/en-us/articles/6093686846609-How-to-create-a-trust-zone)
• Update the "trustzone:" section of the default mapping file for MTMT

Permissions required

• SYSTEM_SETTINGS_UPDATE (to create a TZ)

Instructions

For this guide, we will use the following DFD as an example:

1. Identify the display name and the associated stencil name:

1.1 Element name Cloud Service uses the Stencil Service Fabric Trust Boundary:

1.2 Element name Internet uses the Stencil Generic Trust Border Boundary:

1.3 Element name Public Cloud uses the Stencil Azure Trust Boundary:

2. Download the default mapping file for MTMT (mtmt_default_mapping_example.yaml) from Github

3. Note the attributes used in mapping the trust zones:

-label:

For OTM, this is the Stencil name.

type: 

For Importing via OTM, this attribute is ignored., however, we recommend entering the display name instead.*

id: 

This is the Unique ID of the TZ in IriusRisk*

4. In this example, note the following:

4.1 DFD contains three border boundaries using different  Stencils and they are nested (1.2  and 1.3 are nested in 1.1)**

4.2 The default mapping file does not contain a mapping for Service Fabric Trust Boundary

4.3 The default mapping file does not contain a mapping for Azure Trust Boundary.

5. Requirements are (example):

5. 1 To Map the Service Fabric Trust Boundary border boundary [1.1] to the Public TZ:

5.1.1 Add the following mapping:

-label: Service Fabric Trust Boundary
 type: Cloud Service 
 id: 6376d53e-6461-412b-8e04-7b3fe2b397de

5.2 To Map the Generic Trust Border Boundary border boundary [1.2]to the Internet TZ:

5.2.1 Update the type and id of the Generic Trust Border Boundary as follows:

-label: Generic Trust Border Boundary
 type: Internet 
 id: f0ba7722-39b6-4c81-8290-a30a248bb8d9

5.3 To map the border boundary Azure Trust Boundary [1.3] to a TZ with a rating of 50.

The default Public Cloud TZ has a trust rating of 60. Let's say the rating for [1.3] was evaluated to have a trust rating of 50.

    5.3.1 Create a new TZ  in Irius Risk with trust rating of 50.

    5.3.2 Add a mapping for the Azure Trust Boundary as follows:

- label: Azure Trust Boundary
  type: Public Cloud
  id: b70b79e9-31fe-4518-8a5c-d1e5b323a296

Notes:

* The "type" attribute currently supports the value provided in the "id" field, however in the near future, the "id" field will be deprecated. You may therefore just use the two attributes instead, e.g.,:

- label: Azure Trust Boundary
  type: b70b79e9-31fe-4518-8a5c-d1e5b323a296

** At the time of writing, nested border boundaries, currently, can not share the same stencil name.