In this article

• Identify the Stencil (Border) and Element (Name) used in in your DFD
• Create a Trust Zone (necessary in this example since). See https://support.iriusrisk.com/hc/en-us/articles/6093686846609-How-to-create-a-trust-zone)
• Update the "trustzone:" section of the default mapping file for MTMT

Permissions required

• SYSTEM_SETTINGS_UPDATE (to create a TZ)

Instructions

For this guide, we will use the following DFD as an example:

1. Identify the display name and the associated stencil name:

1.1 Element name Cloud Service uses the Stencil Service Fabric Trust Boundary:

1.2 Element name Internet uses the Stencil Generic Trust Border Boundary:

1.3 Element name Public Cloud uses the Stencil Azure Trust Boundary:

2. Download the default mapping file for MTMT (mtmt_default_mapping_example.yaml) from Github

3. Note the attributes used in mapping the trust zones:

-label:

For OTM, this is the Stencil name.

type: 

This is the Unique ID of the TZ in IriusRisk*

4. In this example, note the following:

4.1 DFD contains three border boundaries using different  Stencils and they are nested (1.2  and 1.3 are nested in 1.1)**

4.2 The default mapping file does not contain a mapping for Service Fabric Trust Boundary

4.3 The default mapping file does not contain a mapping for Azure Trust Boundary.

5. Requirements are (example):

5. 1 To Map the Service Fabric Trust Boundary border boundary [1.1] to the Public TZ:

5.1.1 Add the following mapping:

-label: Service Fabric Trust Boundary
 type: 6376d53e-6461-412b-8e04-7b3fe2b397de

5.2 To Map the Generic Trust Border Boundary border boundary [1.2]to the Internet TZ:

5.2.1 Update the type of the Generic Trust Border Boundary as follows:

-label: Generic Trust Border Boundary
 type: f0ba7722-39b6-4c81-8290-a30a248bb8d9

5.3 To map the border boundary Azure Trust Boundary [1.3] to a TZ with a rating of 50.

The default Public Cloud TZ has a trust rating of 60. Let's say the rating for [1.3] was evaluated to have a trust rating of 50.

    5.3.1 Create a new TZ  in Irius Risk with trust rating of 50.

    5.3.2 Add a mapping for the Azure Trust Boundary as follows:

- label: Azure Trust Boundary
  type: b70b79e9-31fe-4518-8a5c-d1e5b323a296

Notes:

* Since IriusRisk v4.20.1, the "id" field containing the IriusRisk trust zone ID is deprecated. For previous versions there was an additional "type" attribute, actually ignored and was recommended entering the displayed trust zone name instead, e.g.,:

- label: Azure Trust Boundary
  type: Public Cloud
  id: b70b79e9-31fe-4518-8a5c-d1e5b323a296

** Since IriusRisk v.4.20.1, it is possible to have nested trust zones with the same stencil name. Since IriusRisk v.4.22, it is possible to have the same stencil name for different trust zones, before that version it would appear as unified in diagram.