In this article
- Identify the Stencil (Border) and Element (Name) used in your DFD
- Create a Trust Zone (necessary in this example since). See https://support.iriusrisk.com/hc/en-us/articles/6093686846609-How-to-create-a-trust-zone
- Update the "trustzone:" section of the default mapping file for MTMT
Permissions required
- SYSTEM_SETTINGS_UPDATE (to create a TZ)
Instructions
For this guide, we will use the following DFD as an example:
1. Identify the display name and the associated stencil name:
1.1 Element name Cloud Service uses the Stencil Service Fabric Trust Boundary:
1.2 Element name Internet uses the Stencil Generic Trust Border Boundary:
1.3 Element name Public Cloud uses the Stencil Azure Trust Boundary:
2. Download the default mapping file for MTMT (mtmt_default_mapping_example.yaml) from GitHub
3. Note the attributes used in mapping the trust zones:
- label: For OTM, this is the Stencil name.
- type: For importing via OTM, this attribute is ignored; however, we recommend entering the display name instead.*
- id: This is the unique ID of the TZ in IriusRisk.*
4. In this example, note the following:
4.1 The DFD contains three border boundaries using different stencils, and they are nested (1.2 and 1.3 are nested in 1.1).**
4.2 The default mapping file does not contain a mapping for Service Fabric Trust Boundary.
4.3 The default mapping file does not contain a mapping for Azure Trust Boundary.
5. Requirements are (example):
5.1 To map the Service Fabric Trust Boundary border boundary [1.1] to the Public TZ:
5.1.1 Add the following mapping:
    - label: Service Fabric Trust Boundary
      type: Cloud Service
      id: 6376d53e-6461-412b-8e04-7b3fe2b397de
5.2 To map the Generic Trust Border Boundary border boundary [1.2] to the Internet TZ:
5.2.1 Update the type and id of the Generic Trust Border Boundary as follows:
    - label: Generic Trust Border Boundary
      type: Internet
      id: f0ba7722-39b6-4c81-8290-a30a248bb8d9
5.3 To map the border boundary Azure Trust Boundary [1.3] to a TZ with a rating of 50:
The default Public Cloud TZ has a trust rating of 60. Suppose [1.3] was evaluated to have a trust rating of 50.
5.3.1 Create a new TZ in IriusRisk with a trust rating of 50.
5.3.2 Add a mapping for the Azure Trust Boundary as follows:
    - label: Azure Trust Boundary
      type: Public Cloud
      id: b70b79e9-31fe-4518-8a5c-d1e5b323a296
Notes:
* The "type" attribute currently supports the value provided in the "id" field; however, in the near future the "id" field will be deprecated. You may therefore use just the two attributes instead, e.g.:
    - label: Azure Trust Boundary
      type: b70b79e9-31fe-4518-8a5c-d1e5b323a296
** At the time of writing, nested border boundaries cannot share the same stencil name.
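A pre-import check for the points in steps 4 and 5 and the ** note, as an added example that is not part of the original article or of IriusRisk's tooling. The function and variable names are hypothetical, the DFD and mapping data are typed in from the article's example, and the nesting rule is read as "a boundary may not use the same stencil as a boundary that encloses it".

```python
# Added example: check a trust zone mapping against the boundaries of a DFD.
# All names are hypothetical; the data below mirrors the article's example.

# Element name -> (stencil name, enclosing element name or None), from step 1 and 4.1.
DFD_BOUNDARIES = {
    "Cloud Service": ("Service Fabric Trust Boundary", None),
    "Internet": ("Generic Trust Border Boundary", "Cloud Service"),
    "Public Cloud": ("Azure Trust Boundary", "Cloud Service"),
}

# Trust zone mapping entries after the edits in step 5 (values from the article).
MAPPING = [
    {"label": "Service Fabric Trust Boundary", "type": "Cloud Service",
     "id": "6376d53e-6461-412b-8e04-7b3fe2b397de"},
    {"label": "Generic Trust Border Boundary", "type": "Internet",
     "id": "f0ba7722-39b6-4c81-8290-a30a248bb8d9"},
    {"label": "Azure Trust Boundary", "type": "Public Cloud",
     "id": "b70b79e9-31fe-4518-8a5c-d1e5b323a296"},
]


def check_mapping(boundaries, mapping):
    """Return a list of problems that leave a boundary unmapped or ambiguous."""
    problems = []
    labels = [entry.get("label") for entry in mapping]
    for label in sorted(set(labels)):
        if labels.count(label) > 1:
            problems.append(f"duplicate mapping for stencil '{label}'")
    for entry in mapping:
        if not entry.get("type") and not entry.get("id"):
            problems.append(f"mapping '{entry.get('label')}' has no type or id")
    for name, (stencil, parent) in boundaries.items():
        if stencil not in labels:
            problems.append(f"'{name}': no mapping for stencil '{stencil}'")
        # Walk outwards through the enclosing boundaries (the ** note).
        seen = {name}
        while parent is not None and parent not in seen:
            seen.add(parent)
            if boundaries[parent][0] == stencil:
                problems.append(
                    f"'{name}' is nested in '{parent}' with the same stencil '{stencil}'")
            parent = boundaries[parent][1]
    return problems


if __name__ == "__main__":
    for line in check_mapping(DFD_BOUNDARIES, MAPPING) or ["mapping covers every boundary"]:
        print(line)
```

Running the check against a mapping that only contains the Generic Trust Border Boundary entry reports the two gaps listed in 4.2 and 4.3.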