Asset Name
Purpose
Describe what the asset is and why it exists.
Asset Type
- Infrastructure / Platform / Information / Business Capability
Description
- Functional description
- Role in the environment
Criticality
- Low / Medium / High / Critical
- Based on operational impact (availability + service dependency)
Sensitivity
- Public / Internal / Sensitive / Highly Sensitive
- Based on confidentiality of data handled or processed
Exposure Level
- Internal only / Restricted / Exposed / Public
- Evaluated relative to trust boundaries
Trust Zone
- Hell / Heaven / Internal / Hybrid
Dependencies
- Hard dependencies required for operation
Relationships
- Interaction with other assets (logical coupling only)
Security Position (Architecture Context)
- Attack surface overview (high-level only)
- Role in trust model (entry point, backend, admin plane, etc.)
- Exposure contribution (why it matters structurally)
Existing Protective Measures
- High-level safeguards (access restriction, segmentation, backups, etc.)
- No detailed control logic (handled in Control Framework)
Owner / Responsibility
- Functional owner (Ops / Sec / Dev)
Notes
- Additional context or evolution notes