In some circumstances it's useful to automatically set a Countermeasure as Implemented when the model is generated. This can help to reduce the number of security requirements and tickets that engineering teams see on their trackers, if the countermeasures don't actually have to be implemented by them.
For example, if you have standardised on hardened EC2 instances, some of the countermeasures included in our default libraries are already implemented and don't require any manual intervention by engineering teams.
To do this, you can create a rule with no condition (so that it always evaluates as true), and then use the action "Mark countermeasure as Implemented".
With this rule in place, whenever an EC2 component is selected, the countermeasure is always automatically marked as Implemented in the generated threat model.