πŸ›‘οΈ Full review & update: SECURITY_ARCHITECTURE.md, THREAT_MODEL.md, CRA-ASSESSMENT.md β€” Current-state security, threats & complianceΒ #2289

@pethers

📋 Issue Type

Documentation — Security architecture, threat model, and compliance deep review

🎯 Objective

Perform a complete deep-inspection review and update of SECURITY_ARCHITECTURE.md (v2.3), THREAT_MODEL.md (v1.2), and CRA-ASSESSMENT.md (v1.3) to ensure they accurately reflect the current security posture as of v0.8.76 with extensive coverage of the political intelligence security surface and the expanded agentic workflow attack surface.

📊 Current State Assessment

  • SECURITY_ARCHITECTURE.md v2.3 (2026-05-03) — needs v0.8.76 reconciliation
  • THREAT_MODEL.md v1.2 (2026-04-20) — needs full STRIDE update for new surfaces
  • CRA-ASSESSMENT.md v1.3 (2026-04-20) — needs reconciliation with current controls
  • Expanded attack surface: 39 analysis templates, 18 methodologies consumed by AI agents
  • Analysis gate (checks 1-9b) is a security control that needs documentation
  • IMF/SCB/World Bank/Riksbank/Statskontoret/RiR external data sources
  • 14 agentic workflows with five-layer safe-output security
  • Squid proxy + iptables egress firewall
  • v0.8.76 with SLSA provenance, SRI, OIDC-only CI/CD

🔧 Required Updates — SECURITY_ARCHITECTURE.md

Political Intelligence Security Surface

  • Document security controls around 39 analysis templates (input validation, output sanitization)
  • Document analysis gate (checks 1-9b) as a security control layer
  • Document methodology-reflection validation as integrity assurance
  • Document political classification as a data governance control
  • Document OSINT tradecraft standards compliance as an operational security measure
  • Document horizon stratification boundaries (what data can feed which horizon)

Agentic Workflow Security (Expanded)

  • Full STRIDE analysis of the 14 agentic news workflows attack surface
  • Document five-layer safe-output security model in detail (controls, bypass resistance)
  • Document Squid proxy domain allowlist as an egress control
  • Document iptables firewall rules
  • Document MCP server authentication and token scoping per server
  • Document safe-output artifact size limits and content sanitization
  • Document prompt injection detection and mitigation controls

Data Provider Security

  • Document IMF client security (TLS, schema validation, cache integrity, .meta.json tamper detection)
  • Document SCB MCP server isolation (container-based, allowlisted)
  • Document World Bank MCP server isolation
  • Document Riksbank data fetch security controls
  • Document Statskontoret/RiR data integrity measures
  • Document parliamentary data (Riksdag API) trust model
  • Map all external data providers to trust boundaries diagram

Infrastructure Security

  • Verify AWS CloudFront + S3 dual-region security configuration
  • Document GitHub Pages as DR fallback security considerations
  • Verify OIDC-only deployment (zero long-lived credentials)
  • Document SRI enforcement via vite-plugin-sri-gen
  • Verify CSP/HSTS/security headers configuration
  • Document npm package provenance and SLSA attestation chain

Compliance Mapping

  • Verify ISO 27001:2022 Annex A control mapping is complete and current
  • Verify NIST CSF 2.0 function mapping
  • Verify CIS Controls v8.1 mapping
  • Verify NIS2 Article 21 compliance mapping
  • Verify EU CRA essential requirements mapping
  • Document GDPR considerations for political data processing

🔧 Required Updates — THREAT_MODEL.md

Full STRIDE Re-execution for v0.8.76

  • Spoofing: Verify all authentication controls (OIDC, MCP tokens, npm provenance)
  • Tampering: Verify all integrity controls (SRI, signed commits, schema validation, analysis gate)
  • Repudiation: Verify all audit controls (GitHub audit log, CloudTrail, Actions logs)
  • Information Disclosure: Verify all confidentiality controls (no secrets in code, minimal data exposure)
  • Denial of Service: Verify all availability controls (CDN, DR fallback, rate limiting)
  • Elevation of Privilege: Verify all authorization controls (least privilege, RBAC, workflow permissions)

New Threat Boundaries for Political Intelligence

  • Document threat boundary: AI agent consuming analysis templates (prompt injection via template content)
  • Document threat boundary: Analysis gate bypass (malformed artifact structure)
  • Document threat boundary: Methodology-reflection validation circumvention
  • Document threat boundary: Political classification manipulation (bias injection)
  • Document threat boundary: Cross-session intelligence correlation (unintended data leakage)
  • Document threat boundary: Horizon stratification data poisoning (future projections manipulated)

MITRE ATT&CK Mapping

  • Verify all technique mappings are current
  • Add mappings for AI/ML-specific attack techniques (AML framework)
  • Document supply chain attack vectors for MCP servers
  • Map prompt injection to relevant ATT&CK techniques

Threat Agent Classification

  • Verify threat agent profiles (nation-state, hacktivist, competitor, insider)
  • Add AI-specific threat agents (adversarial ML, automated prompt injection)
  • Document upstream data provider compromise scenarios
  • Assess political motivation threats specific to parliament monitoring

🔧 Required Updates — CRA-ASSESSMENT.md

Essential Requirements Verification (Annex I)

  • SBOM completeness: Verify all dependencies including analysis/methodology/template ecosystem
  • Secure by design: Document analysis gate as a secure-by-design control
  • Secure by default: Verify no optional insecure modes exist
  • Confidentiality & integrity: Document integrity controls for political intelligence output
  • Availability: Verify dual-region + DR fallback documentation is current
  • Attack surface minimisation: Document static site + agentic-only write model
  • Known-vulnerability handling: Verify SLA compliance (Crit 24h / High 7d / Med 30d / Low 90d)
  • Security update mechanism: Verify npm + GitHub releases channel documentation

Vulnerability Handling (Annex I §2)

  • Document incident handling for data-quality events (upstream poisoning)
  • Document incident handling for agentic workflow compromise
  • Verify BCPPlan.md alignment with CRA incident requirements
  • Document responsible disclosure process for political intelligence concerns

Technical File Completeness

  • Verify all CRA technical file documents exist and are current
  • Cross-reference: SECURITY_ARCHITECTURE.md, THREAT_MODEL.md, BCPPlan.md, WORKFLOWS.md, DATA_MODEL.md, CRA-ASSESSMENT.md
  • Document conformity evidence chain from control → implementation → test → audit

✅ Acceptance Criteria

  • All three documents reflect v0.8.76 current security posture
  • Full STRIDE analysis covers all trust boundaries including political intelligence surface
  • Analysis gate documented as a security control with bypass resistance assessment
  • All Mermaid security diagrams render correctly
  • Compliance mappings verified against latest framework versions
  • No placeholder content — only verifiable current-state security facts
  • Version bumped, changelog entry added for each document
  • Cross-references between security documents are consistent

🤖 Recommended Agent

security-architect — Security architecture, STRIDE, compliance mapping, threat modeling expertise

📚 References

🏷️ Labels

documentation, security, architecture
