threagile.yaml

threagile_version: 1.0.0

# NOTE:
#
# For a perfect editing experience within your IDE of choice you can easily
# get model syntax validation and autocompletion (very handy for enum values)
# as well as live templates: Just import the schema.json into your IDE and assign
# it as "schema" to each Threagile YAML file. Also try to import individual parts
# from the live-templates.txt file into your IDE as live editing templates.
#
# You might also want to try the REST API when running in server mode...



title: Example Application

date: 2020-11-11

author:
  name: John Doe
  homepage: www.example.com




management_summary_comment: >
  Just some <b>more</b> custom summary possible here...

business_criticality: important # values: archive, operational, important, critical, mission-critical




business_overview:
  description: Some more <i>demo text</i> here and even images...
  images:
#    - custom-image-1.png: Some dummy image 1
#    - custom-image-2.png: Some dummy image 2


technical_overview:
  description: Some more <i>demo text</i> here and even images...
  images:
#    - custom-image-1.png: Some dummy image 1
#    - custom-image-2.png: Some dummy image 2



questions: # simply use "" as answer to signal "unanswered"
  How are the admin clients managed/protected against compromise?: ""
  How are the development clients managed/protected against compromise?: >
    Managed by XYZ
  How are the build pipeline components managed/protected against compromise?: >
    Managed by XYZ



abuse_cases:
  Denial-of-Service: >
    As a hacker I want to disturb the functionality of the backend system in order to cause indirect
    financial damage via unusable features.
  CPU-Cycle Theft: >
    As a hacker I want to steal CPU cycles in order to transform them into money via installed crypto currency miners.
  Ransomware: >
    As a hacker I want to encrypt the storage and file systems in order to demand ransom.
  Identity Theft: >
    As a hacker I want to steal identity data in order to reuse credentials and/or keys on other targets of the same company or outside.
  PII Theft: >
    As a hacker I want to steal PII (Personally Identifiable Information) data in order to blackmail the company and/or damage
    their repudiation by publishing them.

  ERP-System Compromise: >
    As a hacker I want to access the ERP-System in order to steal/modify sensitive business data.
  Database Compromise: >
    As a hacker I want to access the database backend of the ERP-System in order to steal/modify sensitive
    business data.
  Contract Filesystem Compromise: >
    As a hacker I want to access the filesystem storing the contract PDFs in order to steal/modify contract data.
  Cross-Site Scripting Attacks: >
    As a hacker I want to execute Cross-Site Scripting (XSS) and similar attacks in order to takeover victim sessions and
    cause reputational damage.
  Denial-of-Service of Enduser Functionality: >
    As a hacker I want to disturb the functionality of the enduser parts of the application in order to cause direct financial
    damage (lower sales).
  Denial-of-Service of ERP/DB Functionality: >
    As a hacker I want to disturb the functionality of the ERP system and/or it's database in order to cause indirect
    financial damage via unusable internal ERP features (not related to customer portal).


security_requirements:
  Input Validation: Strict input validation is required to reduce the overall attack surface.
  Securing Administrative Access: Administrative access must be secured with strong encryption and multi-factor authentication.
  EU-DSGVO: Mandatory EU-Datenschutzgrundverordnung


# Tags can be used for anything, it's just a tag. Also risk rules can act based on tags if you like.
# Tags can be used for example to name the products used (which is more concrete than the technology types that only specify the type)
tags_available:
  - linux
  - apache
  - mysql
  - jboss
  - keycloak
  - jenkins
  - git
  - oracle
  - some-erp
  - vmware
  - aws
  - aws:ec2
  - aws:s3




data_assets:


  Customer Contracts: &customer-contracts # this example shows the inheritance-like features of YAML
    id: customer-contracts
    description: Customer Contracts (PDF)
    usage: business # values: business, devops
    tags:
    origin: Customer
    owner: Company XYZ
    quantity: many # values: very-few, few, many, very-many
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: operational # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Contract data might contain financial data as well as personally identifiable information (PII). The integrity and
      availability of contract data is required for clearing payment disputes.


  Customer Contract Summaries:
    <<: *customer-contracts # here we're referencing the above created asset as base and just overwrite few values
    id: contract-summaries
    description: Customer Contract Summaries
    quantity: very-few # values: very-few, few, many, very-many
    confidentiality: restricted # values: public, internal, restricted, confidential, strictly-confidential
    integrity: operational # values: archive, operational, important, critical, mission-critical
    availability: operational # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Just some summaries.


  Customer Operational Data:
    <<: *customer-contracts # here we're referencing the above created asset as base and just overwrite few values
    id: customer-operational-data
    description: Customer Operational Data
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Customer operational data for using the portal are required to be available to offer the portal functionality
      and are used in the backend transactions.


  Customer Accounts:
    <<: *customer-contracts # here we're referencing the above created asset as base and just overwrite few values
    id: customer-accounts
    description: Customer Accounts (including transient credentials when entered for checking them)
    confidentiality: strictly-confidential # values: public, internal, restricted, confidential, strictly-confidential
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Customer account data for using the portal are required to be available to offer the portal functionality.


  Some Internal Business Data:
    id: internal-business-data
    description: Internal business data of the ERP system used unrelated to the customer-facing processes.
    usage: business # values: business, devops
    tags:
    origin: Company XYZ
    owner: Company XYZ
    quantity: few # values: very-few, few, many, very-many
    confidentiality: strictly-confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Data used and/or generated during unrelated other usecases of the ERP-system (when used also by Company XYZ for
      internal non-customer-portal-related stuff).


  Client Application Code: &client-application-code # this example shows the inheritance-like features of YAML
    id: client-application-code
    description: Angular and other client-side code delivered by the application.
    usage: devops # values: business, devops
    tags:
    origin: Company ABC
    owner: Company ABC
    quantity: very-few # values: very-few, few, many, very-many
    confidentiality: public # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: important # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The integrity of the public data is critical to avoid reputational damage and the availability is important on the
      long-term scale (but not critical) to keep the growth rate of the customer base steady.


  Server Application Code:
    <<: *client-application-code # here we're referencing the above created asset as base and just overwrite few values
    id: server-application-code
    description: API and other server-side code of the application.
    confidentiality: internal # values: public, internal, restricted, confidential, strictly-confidential
    integrity: mission-critical # values: archive, operational, important, critical, mission-critical
    availability: important # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The integrity of the API code is critical to avoid reputational damage and the availability is important on the
      long-term scale (but not critical) to keep the growth rate of the customer base steady.


  Build Job Config:
    id: build-job-config
    description: Data for customizing of the build job system.
    usage: devops # values: business, devops
    tags:
    origin: Company XYZ
    owner: Company XYZ
    quantity: very-few # values: very-few, few, many, very-many
    confidentiality: restricted # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: operational # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Data for customizing of the build job system.


  Marketing Material:
    <<: *client-application-code # here we're referencing the above created asset as base and just overwrite few values
    id: marketing-material
    description: Website and marketing data to inform potential customers and generate new leads.
    integrity: important # values: archive, operational, important, critical, mission-critical


  ERP Logs:
    id: erp-logs
    description: Logs generated by the ERP system.
    usage: devops # values: business, devops
    tags:
    origin: Company XYZ
    owner: Company XYZ
    quantity: many # values: very-few, few, many, very-many
    confidentiality: restricted # values: public, internal, restricted, confidential, strictly-confidential
    integrity: archive # values: archive, operational, important, critical, mission-critical
    availability: archive # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Logs should not contain PII data and are only required for failure analysis, i.e. they are not considered as hard
      transactional logs.


  ERP Customizing Data:
    id: erp-customizing
    description: Data for customizing of the ERP system.
    usage: devops # values: business, devops
    tags:
    origin: Company XYZ
    owner: Company XYZ
    quantity: very-few # values: very-few, few, many, very-many
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Data for customizing of the ERP system.


  Database Customizing and Dumps:
    id: db-dumps
    description: Data for customizing of the DB system, which might include full database dumps.
    usage: devops # values: business, devops
    tags:
      - oracle
    origin: Company XYZ
    owner: Company XYZ
    quantity: very-few # values: very-few, few, many, very-many
    confidentiality: strictly-confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Data for customizing of the DB system, which might include full database dumps.






technical_assets:


  Customer Web Client:
    id: customer-client
    description: Customer Web Client
    type: external-entity # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: true
    out_of_scope: true
    justification_out_of_scope: Owned and managed by enduser customer
    size: component # values: system, service, application, component
    technology: browser # values: see help
    tags:
    internet: true
    machine: physical # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Customer
    confidentiality: internal # values: public, internal, restricted, confidential, strictly-confidential
    integrity: operational # values: archive, operational, important, critical, mission-critical
    availability: operational # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The client used by the customer to access the system.
    multi_tenant: false
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - customer-accounts
      - customer-operational-data
      - customer-contracts
      - client-application-code
      - marketing-material
    data_assets_stored: # sequence of IDs to reference
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
    communication_links:
      Customer Traffic:
        target: load-balancer
        description: Link to the load balancer
        protocol: https # values: see help
        authentication: session-id # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: enduser-identity-propagation # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-accounts
          - customer-operational-data
        data_assets_received: # sequence of IDs to reference
          - customer-accounts
          - customer-operational-data
          - customer-contracts
          - client-application-code
          - marketing-material
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false


  Backoffice Client:
    id: backoffice-client
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: Backoffice client
    type: external-entity # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: true
    out_of_scope: true
    justification_out_of_scope: Owned and managed by Company XYZ company
    size: component # values: system, service, application, component
    technology: desktop # values: see help
    tags:
    internet: false
    machine: physical # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company XYZ
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: important # values: archive, operational, important, critical, mission-critical
    availability: important # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The client used by Company XYZ to administer and use the system.
    multi_tenant: false
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - customer-contracts
      - internal-business-data
      - erp-logs
    data_assets_stored: # sequence of IDs to reference
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
    communication_links:
      ERP Internal Access:
        target: erp-system
        description: Link to the ERP system
        protocol: https # values: see help
        authentication: token # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: enduser-identity-propagation # values: none, technical-user, enduser-identity-propagation
        tags:
          - some-erp
        vpn: true
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - internal-business-data
        data_assets_received: # sequence of IDs to reference
          - customer-contracts
          - internal-business-data
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false
      Marketing CMS Editing:
        target: marketing-cms
        description: Link to the CMS for editing content
        protocol: https # values: see help
        authentication: token # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: enduser-identity-propagation # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: true
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - marketing-material
        data_assets_received: # sequence of IDs to reference
          - marketing-material
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false


  Backend Admin Client:
    id: backend-admin-client
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: Backend admin client
    type: external-entity # values: external-entity, process, datastore
    usage: devops # values: business, devops
    used_as_client_by_human: true
    out_of_scope: true
    justification_out_of_scope: Owned and managed by ops provider
    size: component # values: system, service, application, component
    technology: browser # values: see help
    tags:
    internet: false
    machine: physical # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company XYZ
    confidentiality: internal # values: public, internal, restricted, confidential, strictly-confidential
    integrity: operational # values: archive, operational, important, critical, mission-critical
    availability: operational # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The client used by Company XYZ to administer the system.
    multi_tenant: false
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - erp-logs
    data_assets_stored: # sequence of IDs to reference
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
    communication_links:
      ERP Web Access:
        target: erp-system
        description: Link to the ERP system (Web)
        protocol: https # values: see help
        authentication: token # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - erp-customizing
        data_assets_received: # sequence of IDs to reference
          - erp-logs
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false
      DB Update Access:
        target: sql-database
        description: Link to the database (JDBC tunneled via SSH)
        protocol: ssh # values: see help
        authentication: client-certificate # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - db-dumps
        data_assets_received: # sequence of IDs to reference
          - db-dumps
          - erp-logs
          - customer-accounts
          - customer-operational-data
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false
      User Management Access:
        target: ldap-auth-server
        description: Link to the LDAP auth server for managing users
        protocol: ldaps # values: see help
        authentication: credentials # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-accounts
        data_assets_received: # sequence of IDs to reference
          - customer-accounts
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false


  Load Balancer:
    id: load-balancer
    #diagram_tweak_order: 50 # affects left to right positioning (only within a trust boundary)
    description: Load Balancer (HA-Proxy)
    type: process # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: component # values: system, service, application, component
    technology: load-balancer # values: see help
    tags:
    internet: false
    machine: physical # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: internal # values: public, internal, restricted, confidential, strictly-confidential
    integrity: mission-critical # values: archive, operational, important, critical, mission-critical
    availability: mission-critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The correct configuration and reachability of the load balancer is mandatory for all customer and Company XYZ
      usages of the portal and ERP system.
    multi_tenant: false
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - customer-accounts
      - customer-operational-data
      - customer-contracts
      - internal-business-data
      - client-application-code
      - marketing-material
    data_assets_stored: # sequence of IDs to reference
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
    communication_links:
      Web Application Traffic:
        target: apache-webserver
        description: Link to the web server
        protocol: http # values: see help
        authentication: session-id # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: enduser-identity-propagation # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-accounts
          - customer-operational-data
        data_assets_received: # sequence of IDs to reference
          - customer-accounts
          - customer-operational-data
          - customer-contracts
          - client-application-code
        #diagram_tweak_weight: 5
        #diagram_tweak_constraint: false
      CMS Content Traffic:
        target: marketing-cms
        description: Link to the CMS server
        protocol: http # values: see help
        authentication: none # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: none # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: true
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
        data_assets_received: # sequence of IDs to reference
          - marketing-material
        #diagram_tweak_weight: 5
        #diagram_tweak_constraint: false


  Apache Webserver:
    id: apache-webserver
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: Apache Webserver hosting the API code and client-side code
    type: process # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: application # values: system, service, application, component
    technology: web-server # values: see help
    tags:
      - linux
      - apache
      - aws:ec2
    internet: false
    machine: container # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: internal # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The correct configuration and reachability of the web server is mandatory for all customer usages of the portal.
    multi_tenant: false
    redundant: false
    custom_developed_parts: true
    data_assets_processed: # sequence of IDs to reference
      - customer-accounts
      - customer-operational-data
      - customer-contracts
      - internal-business-data
      - client-application-code
      - server-application-code
    data_assets_stored: # sequence of IDs to reference
      - client-application-code
      - server-application-code
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - json
      - file
    communication_links:
      ERP System Traffic:
        target: erp-system
        description: Link to the ERP system
        protocol: https # values: see help
        authentication: token # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-accounts
          - customer-operational-data
          - internal-business-data
        data_assets_received: # sequence of IDs to reference
          - customer-accounts
          - customer-operational-data
          - customer-contracts
          - internal-business-data
        #diagram_tweak_weight: 5
        #diagram_tweak_constraint: false
      Auth Credential Check Traffic:
        target: identity-provider
        description: Link to the identity provider server
        protocol: https # values: see help
        authentication: credentials # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-accounts
        data_assets_received: # sequence of IDs to reference


  Identity Provider:
    id: identity-provider
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: Identity provider server
    type: process # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: component # values: system, service, application, component
    technology: identity-provider # values: see help
    tags:
      - linux
      - jboss
      - keycloak
    internet: false
    machine: virtual # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The auth data of the application
    multi_tenant: false
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - customer-accounts
    data_assets_stored: # sequence of IDs to reference
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
    communication_links:
      LDAP Credential Check Traffic:
        target: ldap-auth-server
        description: Link to the LDAP server
        protocol: ldaps # values: see help
        authentication: credentials # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-accounts
        data_assets_received: # sequence of IDs to reference


  LDAP Auth Server:
    id: ldap-auth-server
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: LDAP authentication server
    type: datastore # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: component # values: system, service, application, component
    technology: identity-store-ldap # values: see help
    tags:
      - linux
    internet: false
    machine: physical # values: physical, virtual, container, serverless
    encryption: transparent # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The auth data of the application
    multi_tenant: false
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - customer-accounts
    data_assets_stored: # sequence of IDs to reference
      - customer-accounts
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
    communication_links:


  Marketing CMS:
    id: marketing-cms
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: CMS for the marketing content
    type: process # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: application # values: system, service, application, component
    technology: cms # values: see help
    tags:
      - linux
    internet: false
    machine: container # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: internal # values: public, internal, restricted, confidential, strictly-confidential
    integrity: important # values: archive, operational, important, critical, mission-critical
    availability: important # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The correct configuration and reachability of the web server is mandatory for all customer usages of the portal.
    multi_tenant: false
    redundant: false
    custom_developed_parts: true
    data_assets_processed: # sequence of IDs to reference
      - marketing-material
      - customer-accounts
    data_assets_stored: # sequence of IDs to reference
      - marketing-material
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
    communication_links:
      Auth Traffic:
        target: ldap-auth-server
        description: Link to the LDAP auth server
        protocol: ldap # values: see help
        authentication: credentials # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: true
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-accounts
        data_assets_received: # sequence of IDs to reference
          - customer-accounts
        #diagram_tweak_weight: 5
        #diagram_tweak_constraint: false


  Backoffice ERP System:
    id: erp-system
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: ERP system
    type: process # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: system # values: system, service, application, component
    technology: erp # values: see help
    tags:
      - linux
    internet: false
    machine: virtual # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: strictly-confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: mission-critical # values: archive, operational, important, critical, mission-critical
    availability: mission-critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The ERP system contains business-relevant sensitive data for the leasing processes and eventually also for other
      Company XYZ internal processes.
    multi_tenant: false
    redundant: true
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - customer-accounts
      - customer-operational-data
      - customer-contracts
      - internal-business-data
      - erp-customizing
    data_assets_stored: # sequence of IDs to reference
      - erp-logs
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - xml
      - file
      - serialization
    communication_links:
      Database Traffic:
        target: sql-database
        description: Link to the DB system
        protocol: jdbc # values: see help
        authentication: credentials # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-accounts
          - customer-operational-data
          - internal-business-data
        data_assets_received: # sequence of IDs to reference
          - customer-accounts
          - customer-operational-data
          - internal-business-data
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false
      NFS Filesystem Access:
        target: contract-fileserver
        description: Link to the file system
        protocol: nfs # values: see help
        authentication: none # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: none # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - customer-contracts
        data_assets_received: # sequence of IDs to reference
          - customer-contracts
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false


  Contract Fileserver:
    id: contract-fileserver
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: NFS Filesystem for storing the contract PDFs
    type: datastore # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: component # values: system, service, application, component
    technology: file-server # values: see help
    tags:
      - linux
      - aws:s3
    internet: false
    machine: virtual # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: important # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      Contract data might contain financial data as well as personally identifiable information (PII). The integrity and
      availability of contract data is required for clearing payment disputes. The filesystem is also required to be available
      for storing new contracts of freshly generated customers.
    multi_tenant: false
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
    data_assets_stored: # sequence of IDs to reference
      - customer-contracts
      - contract-summaries
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - file
    communication_links:


  Customer Contract Database:
    id: sql-database
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: The database behind the ERP system
    type: datastore # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: component # values: system, service, application, component
    technology: database # values: see help
    tags:
      - linux
      - mysql
    internet: false
    machine: virtual # values: physical, virtual, container, serverless
    encryption: data-with-symmetric-shared-key # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: strictly-confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: mission-critical # values: archive, operational, important, critical, mission-critical
    availability: mission-critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The ERP system's database contains business-relevant sensitive data for the leasing processes and eventually also
      for other Company XYZ internal processes.
    multi_tenant: false
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - db-dumps
    data_assets_stored: # sequence of IDs to reference
      - customer-accounts
      - customer-operational-data
      - internal-business-data
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
    communication_links:


  External Development Client:
    id: external-dev-client
    #diagram_tweak_order: 0 # affects left to right positioning (only within a trust boundary)
    description: External developer client
    type: external-entity # values: external-entity, process, datastore
    usage: devops # values: business, devops
    used_as_client_by_human: true
    out_of_scope: true
    justification_out_of_scope: Owned and managed by external developers
    size: system # values: system, service, application, component
    technology: devops-client # values: see help
    tags:
      - linux
    internet: true
    machine: physical # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: External Developers
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: operational # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The clients used by external developers to create parts of the application code.
    multi_tenant: true
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - client-application-code
      - server-application-code
    data_assets_stored: # sequence of IDs to reference
      - client-application-code
      - server-application-code
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - file
    communication_links:
      Git-Repo Code Write Access:
        target: git-repo
        description: Link to the Git repo
        protocol: ssh # values: see help
        authentication: client-certificate # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - client-application-code
          - server-application-code
        data_assets_received: # sequence of IDs to reference
          - client-application-code
          - server-application-code
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false
      Git-Repo Web-UI Access:
        target: git-repo
        description: Link to the Git repo
        protocol: https # values: see help
        authentication: token # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - client-application-code
          - server-application-code
        data_assets_received: # sequence of IDs to reference
          - client-application-code
          - server-application-code
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false
      Jenkins Web-UI Access:
        target: jenkins-buildserver
        description: Link to the Jenkins build server
        protocol: https # values: see help
        authentication: credentials # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - build-job-config
        data_assets_received: # sequence of IDs to reference
          - build-job-config
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false


  Git Repository:
    id: git-repo
    #diagram_tweak_order: 99 # affects left to right positioning (only within a trust boundary)
    description: Git repository server
    type: process # values: external-entity, process, datastore
    usage: devops # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: system # values: system, service, application, component
    technology: sourcecode-repository # values: see help
    tags:
      - linux
      - git
    internet: false
    machine: virtual # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: important # values: archive, operational, important, critical, mission-critical
    availability: important # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The code repo pipeline might contain sensitive configuration values like backend credentials, certificates etc. and is
      therefore rated as confidential.
    multi_tenant: true
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - client-application-code
      - server-application-code
    data_assets_stored: # sequence of IDs to reference
      - client-application-code
      - server-application-code
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - file
    communication_links:


  Jenkins Buildserver:
    id: jenkins-buildserver
    #diagram_tweak_order: 99 # affects left to right positioning (only within a trust boundary)
    description: Jenkins buildserver
    type: process # values: external-entity, process, datastore
    usage: devops # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: system # values: system, service, application, component
    technology: build-pipeline # values: see help
    tags:
      - linux
      - jenkins
    internet: false
    machine: virtual # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Company ABC
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: important # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: >
      The build pipeline might contain sensitive configuration values like backend credentials, certificates etc. and is
      therefore rated as confidential. The integrity and availability is rated as critical and important due to the risk
      of reputation damage and application update unavailability when the build pipeline is compromised.
    multi_tenant: true
    redundant: false
    custom_developed_parts: false
    data_assets_processed: # sequence of IDs to reference
      - build-job-config
      - client-application-code
      - server-application-code
      - marketing-material
    data_assets_stored: # sequence of IDs to reference
      - build-job-config
      - client-application-code
      - server-application-code
      - marketing-material
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - file
      - serialization
    communication_links:
      Git Repo Code Read Access:
        target: git-repo
        description: Link to the Git repository server
        protocol: ssh # values: see help
        authentication: client-certificate # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: true
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
        data_assets_received: # sequence of IDs to reference
          - client-application-code
          - server-application-code
        #diagram_tweak_weight: 1
        #diagram_tweak_constraint: false
      Application Deployment:
        target: apache-webserver
        description: Link to the Apache webserver
        protocol: ssh # values: see help
        authentication: client-certificate # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - client-application-code
          - server-application-code
        data_assets_received: # sequence of IDs to reference
      CMS Updates:
        target: marketing-cms
        description: Link to the CMS
        protocol: ssh # values: see help
        authentication: client-certificate # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: technical-user # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: devops # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - marketing-material
        data_assets_received: # sequence of IDs to reference





trust_boundaries:


  Web DMZ:
    id: web-dmz
    description: Web DMZ
    type: network-cloud-security-group # values: see help
    tags:
    technical_assets_inside: # sequence of IDs to reference
      - apache-webserver
      - marketing-cms
    trust_boundaries_nested: # sequence of IDs to reference


  ERP DMZ:
    id: erp-dmz
    description: ERP DMZ
    type: network-cloud-security-group # values: see help
    tags:
      - some-erp
    technical_assets_inside: # sequence of IDs to reference
      - erp-system
      - contract-fileserver
      - sql-database
    trust_boundaries_nested: # sequence of IDs to reference


  Application Network:
    id: application-network
    description: Application Network
    type: network-cloud-provider # values: see help
    tags:
      - aws
    technical_assets_inside: # sequence of IDs to reference
      - load-balancer
    trust_boundaries_nested: # sequence of IDs to reference
      - web-dmz
      - erp-dmz
      - auth-env


  Auth Handling Environment:
    id: auth-env
    description: Auth Handling Environment
    type: execution-environment # values: see help
    tags:
    technical_assets_inside: # sequence of IDs to reference
      - identity-provider
      - ldap-auth-server
    trust_boundaries_nested: # sequence of IDs to reference


  Dev Network:
    id: dev-network
    description: Development Network
    type: network-on-prem # values: see help
    tags:
    technical_assets_inside: # sequence of IDs to reference
      - jenkins-buildserver
      - git-repo
      - backend-admin-client
      - backoffice-client
    trust_boundaries_nested: # sequence of IDs to reference





shared_runtimes:


  WebApp and Backoffice Virtualization:
    id: webapp-virtualization
    description: WebApp Virtualization
    tags:
      - vmware
    technical_assets_running: # sequence of IDs to reference
      - apache-webserver
      - marketing-cms
      - erp-system
      - contract-fileserver
      - sql-database




individual_risk_categories: # used for adding custom manually identified risks


  Some Individual Risk Example:
    id: something-strange
    description: Some text describing the risk category...
    impact: Some text describing the impact...
    asvs: V0 - Something Strange
    cheat_sheet: https://example.com
    action: Some text describing the action...
    mitigation: Some text describing the mitigation...
    check: Check if XYZ...
    function: business-side # values: business-side, architecture, development, operations
    stride: repudiation # values: spoofing, tampering, repudiation, information-disclosure, denial-of-service, elevation-of-privilege
    detection_logic: Some text describing the detection logic...
    risk_assessment: Some text describing the risk assessment...
    false_positives: Some text describing the most common types of false positives...
    model_failure_possible_reason: false
    cwe: 693
    risks_identified:
      <b>Example Individual Risk</b> at <b>Database</b>:
        severity: critical # values: low, medium, elevated, high, critical
        exploitation_likelihood: likely # values: unlikely, likely, very-likely, frequent
        exploitation_impact: medium # values: low, medium, high, very-high
        data_breach_probability: probable # values: improbable, possible, probable
        data_breach_technical_assets: # list of technical asset IDs which might have data breach
          - sql-database
        most_relevant_data_asset:
        most_relevant_technical_asset: sql-database
        most_relevant_communication_link:
        most_relevant_trust_boundary:
        most_relevant_shared_runtime:
      <b>Example Individual Risk</b> at <b>Contract Filesystem</b>:
        severity: medium # values: low, medium, elevated, high, critical
        exploitation_likelihood: frequent # values: unlikely, likely, very-likely, frequent
        exploitation_impact: very-high # values: low, medium, high, very-high
        data_breach_probability: improbable # values: improbable, possible, probable
        data_breach_technical_assets: # list of technical asset IDs which might have data breach
        most_relevant_data_asset:
        most_relevant_technical_asset: contract-fileserver
        most_relevant_communication_link:
        most_relevant_trust_boundary:
        most_relevant_shared_runtime:



# NOTE:
# For risk tracking each risk-id needs to be defined (the string with the @ sign in it). These unique risk IDs
# are visible in the PDF report (the small grey string under each risk), the Excel (column "ID"), as well as the JSON responses.
# Some risk IDs have only one @ sign in them, while others multiple. The idea is to allow for unique but still speaking IDs.
# Therefore each risk instance creates its individual ID by taking all affected elements causing the risk to be within an @-delimited part.
# Using wildcards (the * sign) for parts delimited by @ signs allows to handle groups of certain risks at once. Best is to lookup the IDs
# to use in the created Excel file. Alternatively a model macro "seed-risk-tracking" is available that helps in initially
# seeding the risk tracking part here based on already identified and not yet handled risks.
risk_tracking:

  untrusted-deserialization@erp-system: # wildcards "*" between the @ characters are possible
    status: accepted # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
    justification: Risk accepted as tolerable
    ticket: XYZ-1234
    date: 2020-01-04
    checked_by: John Doe

  ldap-injection@*@ldap-auth-server@*: # wildcards "*" between the @ characters are possible
    status: mitigated # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
    justification: The hardening measures were implemented and checked
    ticket: XYZ-5678
    date: 2020-01-05
    checked_by: John Doe

  unencrypted-asset@*: # wildcards "*" between the @ characters are possible
    status: mitigated # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
    justification: The hardening measures were implemented and checked
    ticket: XYZ-1234
    date: 2020-01-04
    checked_by: John Doe

  missing-authentication-second-factor@*@*@*: # wildcards "*" between the @ characters are possible
    status: mitigated # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
    justification: The hardening measures were implemented and checked
    ticket: XYZ-1234
    date: 2020-01-04
    checked_by: John Doe

  missing-hardening@*: # wildcards "*" between the @ characters are possible
    status: mitigated # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
    justification: The hardening measures were implemented and checked
    ticket: XYZ-1234
    date: 2020-01-04
    checked_by: John Doe

  dos-risky-access-across-trust-boundary@*@*@*: # wildcards "*" between the @ characters are possible
    status: in-progress # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
    justification: The hardening measures are being implemented and checked
    ticket: XYZ-1234
    date: 2020-01-04
    checked_by: John Doe



#diagram_tweak_edge_layout: spline # values: spline, polyline, false, ortho (this suppresses edge labels), curved (this suppresses edge labels and can cause problems with edges)

#diagram_tweak_suppress_edge_labels: true
#diagram_tweak_layout_left_to_right: true
#diagram_tweak_nodesep: 2
#diagram_tweak_ranksep: 2
#diagram_tweak_invisible_connections_between_assets:
#  - tech-asset-source-id-A:tech-asset-target-id-B
#  - tech-asset-source-id-C:tech-asset-target-id-D
#diagram_tweak_same_rank_assets:
#  - tech-asset-source-id-E:tech-asset-target-id-F:tech-asset-source-id-G:tech-asset-target-id-H
#  - tech-asset-source-id-M:tech-asset-target-id-N:tech-asset-source-id-O