Skip to main content

Security Requirements Note (SRN)

Ticket / Issue ID: #### Feature / Change Title: Short, descriptive title.

1) Change Summary

Briefly describe the feature or change and its purpose.

2) Security Impact

  • Sensitivity:
    • Low
    • Medium
    • High
  • Reasoning: One line explaining the sensitivity rating.

3) Trust Boundaries

List affected components or interfaces (internal or external) and any sensitive data involved.

4) AuthN / AuthZ

  • AuthN required: Yes/No
  • AuthZ checks: Yes/No — If yes, which roles?

5) Data Handling

  • Storage / encryption changes? Yes/No
  • Transit encryption changes? Yes/No
  • Schema changes? Yes/No

6) Threat Model Delta

Note any new threats introduced or existing mitigations impacted. Link to threat model delta if necessary

7) Secure Defaults & Config

List new config flags/env vars and confirm if defaults are secure.

8) Testing Notes

Security control tests added/updated? Yes/No