Releases: steve-gibbons/astra-threat-modeling-framework

Going public

26 Apr 15:29
a6aa54c

ASTRA Threat Modeling and Security Architecture Review Framework v1.1.1

Release Date: May 4, 2025

✨ Highlights
• Philosophy and Background restored and expanded — capturing ASTRA’s real-world origins at Wells Fargo, American Express, Ameriprise Financial, and IBM.
• Clear Interview and Discovery Flow diagrams for easier understanding and team onboarding.
• Risk Prioritization and Scoring model fully documented with tables and matrices.
• Status Definitions Table added for clean tracking of findings, action items, and to-dos.
• Explicit structure for Observations, Assumptions, Risk Findings, Action Items, To-Dos, and Follow-Ups.
• Unified Working Spreadsheet improvements — now serves as the live primary artifact throughout the engagement.
• Templates improved and consolidated to accelerate engagement setup.
• Lightweight, business-driven methodology preserved with emphasis on clarity and adaptability.

📄 New Documents and Templates
• Unified Working Spreadsheet Template
• Business Context Questionnaire Template
• Technical Architecture Questionnaire Template
• Emerging Risks Checklist Template
• Practitioner’s Manual v1.1.1
• Quick Guide to Spreadsheet Usage

📜 Licensing

Released under the Creative Commons Attribution 4.0 International (CC BY 4.0) License.
You are free to share, adapt, and remix with proper attribution.

Attribution: “ASTRA Threat Modeling and Security Architecture Review Framework, developed by Steve Gibbons.”

ASTRA v1.0.0

25 Apr 22:23
046e9c4

ASTRA v1.0.0 Release Notes

Initial public release of the ASTRA Threat Modeling and Security Architecture Review Framework.

Included Materials:

  • Interview Notes Template
  • Risk Findings Table Template
  • Critical Action Items Table Template
  • Administrative To-Do Log Template
  • Business Context Questionnaire
  • Technical Architecture Questionnaire
  • Side-by-Side Example: Risk Finding vs. Critical Action Item
  • ASTRA Risk Matrix (text version)
  • Client-Facing Guide on Risk Findings vs. Action Items
  • ASTRA Practitioner’s Manual v1.0

License:
Creative Commons Attribution 4.0 International (CC BY 4.0)


ASTRA is a collaborative, business-driven methodology for uncovering risks, not an audit or compliance checklist.

Thank you for helping improve security architecture worldwide!