ASTRA Threat Modeling and Security Architecture Review Framework v1.1.1
Release Date: May 4, 2025
⸻
✨ Highlights
• Philosophy and Background restored and expanded — capturing ASTRA’s real-world origins at Wells Fargo, American Express, Ameriprise Financial, and IBM.
• Clear Interview and Discovery Flow diagrams for easier understanding and team onboarding.
• Risk Prioritization and Scoring model fully documented with tables and matrices.
• Status Definitions Table added for clean tracking of findings, action items, and to-dos.
• Explicit structure for Observations, Assumptions, Risk Findings, Action Items, To-Dos, and Follow-Ups.
• Unified Working Spreadsheet improvements — now serves as the live primary artifact throughout the engagement.
• Templates improved and consolidated to accelerate engagement setup.
• Lightweight, business-driven methodology preserved with emphasis on clarity and adaptability.
⸻
📄 New Documents and Templates
• Unified Working Spreadsheet Template
• Business Context Questionnaire Template
• Technical Architecture Questionnaire Template
• Emerging Risks Checklist Template
• Practitioner’s Manual v1.1.1
• Quick Guide to Spreadsheet Usage
⸻
📜 Licensing
Released under the Creative Commons Attribution 4.0 International (CC BY 4.0) License.
You are free to share, adapt, and remix with proper attribution.
Attribution: “ASTRA Threat Modeling and Security Architecture Review Framework, developed by Steve Gibbons.”