====================
Threat Analysis Todo
====================

Needed
~~~~~~


#. page saying what TAs have been done, and haven't.
#. Etherpad template for review tracking
#. process
#. Improve documentation around context for OpenStack deployments, namely that
   they reflect best practice, and the documentation should explain what to do
   when things can be changed.
#. Add information on filling in interfaces table from diagram.
#. Remove U-C, O-C, I-C guidance
#. Add guidance that explains the importance of paying special attention to
   interfaces that cross trust boundaries
#. Reviewer to build sequence diagrams in real time during the review
#. Document how we assess a third party review to be in line with our key
   security assertions. I think perhaps we need a mapping table or something.
#. Should we prioritise assets.
#. Data assets should be listed in the architecture page before the review.
#. Figure out how to protect etherpad contents while retaining ability to share
   and collaboratively edit it.
#. Add 'review CIA for data assets to process'
#. change 'review CIA for each interface' to ' 'review CIA for each interface
   that crosses a security domain or each interface that doesn't use TLS'
#. Best practice for each type of asset connection
#. Document what a trust boundary is
#. Document what an asset is. Config file? elements within a config file?
#. Document what level of detail we want for external dependencies and give
   examples.