Skip to content

Threat Register

The Threat Register provides a consolidated, model-wide view of all threats associated with a threat model.

Instead of reviewing threats element by element, the Threat Register allows you to view, prioritize, and manage threats in a single stream—making it easier to assess risk and take action at scale.

Use the Threat Register when reviewing overall risk, planning remediation, or preparing threat data for export and tracking.

What is the Threat Register?

The Threat Register aggregates all threats generated for a threat model into a single list.

For each threat, the register displays:

  • Threat title
  • Status
  • Priority
  • Associated element
  • Threat description

This view helps teams understand the full risk landscape of a model without navigating individual elements.

Tip

The Threat Register is most valuable once initial threat review has begun. It is not intended to replace element-level modeling, but to operationalize its output.

When to use the Threat Register

Use the Threat Register when you want to:

  • Review all threats across the model in one place
  • Identify high-risk or unmitigated threats
  • Prepare for design or security reviews
  • Plan remediation work
  • Export threat data for external tracking

Avoid using the Threat Register: - Before attributes are applied - Before threats have been reviewed for relevance - As a substitute for validating model structure

Accessing the Threat Register

The Threat Register is accessed from the Threat Model canvas.

To open the Threat Register:

  • Select a threat model
  • Open the Threat Register using the clipboard icon in the top-right area of the canvas

Once opened, the register shows all threats associated with the current threat model.

Step 1: Review threats at a model-wide level

Start by scanning the full list of threats.

At this stage, focus on: - Overall threat volume - Obvious high-risk items - Threats with no mitigation status - Patterns across multiple elements

This pass is about orientation, not decision-making.

Tip

If the number of threats feels unexpectedly high or low, review attributes and trust boundaries before taking action.

Step 2: Prioritize threats

Use priority and status to focus attention.

When prioritizing threats, consider: - Impact if the threat were exploited - Likelihood based on exposure and controls - Whether the threat affects critical data or trust boundaries

High-priority threats should: - Be reviewed first - Have clear mitigation decisions - Be visible to stakeholders

Note

Priority reflects relative importance, not urgency or ownership.

Step 3: Review threat details and mitigations

Selecting a threat in the Threat Register reveals:

  • The threat description
  • Why it applies
  • Associated mitigations
  • Current mitigation status

Use this view to: - Validate that the threat is relevant - Confirm mitigation intent - Ensure mitigation status is intentional and documented

This step often identifies: - Missing mitigations - Inconsistent statuses - Opportunities to reduce noise using mitigating attributes

Step 4: Locate threats in the model

From the Threat Register, you can locate where a threat applies in the model.

When viewing a threat: - Select Show on Map - The associated element and threat are highlighted on the data flow diagram

Use this to: - Understand architectural context - Validate that threats align with the intended structure - Identify modeling gaps or incorrect assumptions

Tip

If a threat does not make sense in context, revisit attributes or flows before dismissing it.

Step 5: Decide what belongs in the Threat Register

The Threat Register is for tracking and prioritization, not deep modeling.

Belongs in the Threat Register: - Threats that require follow-up - Threats being tracked over time - Threats shared with stakeholders or teams

Does not belong in the Threat Register: - Unreviewed raw threat output - Architectural fixes still being modeled - Attribute experimentation

Warning

Treating the Threat Register as a backlog without review often leads to noise and loss of trust in the model.

Step 6: Decide when the Threat Register is “done enough”

A Threat Register is usually in a good state when:

  • All threats have been reviewed for relevance
  • High-priority threats have mitigation decisions
  • Mitigation statuses are intentional
  • The remaining threats are understood and accepted

Tip

The Threat Register reflects current understanding. It should evolve as the system and model evolve.

Exporting the Threat Register

Threat data from the Threat Register can be exported in CSV format.

CSV exports are useful for: - Tracking threats in external tools - Creating engineering backlog items - Sharing threat data with security or compliance teams - Performing custom analysis or reporting

Tip

Use CSV exports for operational workflows. Use PDF exports for documentation and stakeholder communication.

Exports represent a point-in-time snapshot of the Threat Register.

Common Threat Register anti-patterns

Avoid these common mistakes:

  • Treating the register as a to-do list without validation
  • Exporting before threat review is complete
  • Ignoring low-priority threats entirely
  • Letting mitigation statuses go stale

Note

A noisy or outdated Threat Register usually indicates upstream modeling or attribute issues.

What’s next

After working with the Threat Register:

The Threat Register turns threat modeling output into actionable, trackable work.