STRIDE Threat Model
A six-category framework for enumerating threats: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege.
Reviewed by Christian Espinosa, Founder, Blue Goat Cyber. Last reviewed May 5, 2026.
Definition
STRIDE is a threat-classification taxonomy developed by Microsoft in the late 1990s and now the de-facto threat-modeling vocabulary in medical device cybersecurity. The acronym stands for Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege - six classes of threat that map onto the security properties of authentication, integrity, non-repudiation, confidentiality, availability, and authorization. STRIDE is used to systematically walk every element of a data-flow diagram and ask, for each, which of the six threat classes apply and how they would be mitigated.
What the regulation says
FDA's 2023 cybersecurity guidance and AAMI TIR57:2016 both reference STRIDE as an example threat-modeling methodology. FDA does not mandate STRIDE specifically, but reviewers expect the threat model to use a recognized methodology applied systematically - STRIDE is by far the most common in submissions and reviewers are accustomed to its structure.
What this means in practice
STRIDE shines when paired with a data-flow diagram (DFD) that shows trust boundaries between subsystems. The team walks each element (process, data store, external entity, data flow) across each STRIDE category, recording threats, likelihood/impact, and mitigations. The output feeds the cybersecurity risk assessment and links to ISO 14971 safety harms.
Common pitfalls
- Applying STRIDE without a current data-flow diagram - there's nothing systematic to walk.
- Conflating STRIDE categories (e.g., logging Information disclosure threats as Tampering) - each category maps to a distinct security property, and misfiling a threat hides which property the mitigation must restore.
- Stopping at threat enumeration without scoring likelihood/impact and selecting mitigations.
Frequently asked questions
What is the difference between STRIDE-per-element and STRIDE-per-interaction?
STRIDE-per-element walks each DFD element through all six categories. STRIDE-per-interaction walks each data flow's source/destination/data combinations. Per-interaction is more thorough; per-element is faster. Most MedTech teams use per-element for breadth and per-interaction on high-risk paths.
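The walk described under "What this means in practice" and the per-element versus per-interaction distinction in this answer, as an added example in Python. This is not code from the original page or from Blue Goat Cyber. The element-type chart it encodes is the standard Microsoft/Shostack STRIDE-per-element chart; the device DFD, its trust zones, the element and flow names, and every likelihood/impact score and mitigation are constructed assumptions for illustration.

```python
"""STRIDE-per-element and STRIDE-per-interaction over a small DFD. Added example, not
code from the page or Blue Goat Cyber; the DFD, zones and scores are assumptions."""
from dataclasses import dataclass

# Category letter -> security property it violates. Filing a disclosure threat
# under "T" is the category-conflation pitfall; the property makes it visible.
PROPERTY = {"S": "authentication", "T": "integrity", "R": "non-repudiation",
            "I": "confidentiality", "D": "availability", "E": "authorization"}
# STRIDE-per-element chart (Microsoft / Shostack): categories per element type.
PER_ELEMENT = {
    "external": "SR",      # external entities can be spoofed or repudiate
    "process": "STRIDE",   # processes are exposed to all six
    "store": "TID",        # stores: tampering, disclosure, DoS ...
    "log_store": "TRID",   # ... plus repudiation when the store holds logs
    "flow": "TID",         # flows: tampering, disclosure, DoS
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external | process | store | log_store
    zone: str   # trust zone; a flow between two zones crosses a trust boundary

@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    data: str

@dataclass
class Threat:
    target: str
    category: str
    likelihood: int = 0   # 1-5 once scored; 0 means not yet scored
    impact: int = 0
    mitigation: str = ""
    @property
    def risk(self) -> int:
        return self.likelihood * self.impact
    def describe(self) -> str:
        return f"{self.category} on {self.target} (violates {PROPERTY[self.category]})"

def stride_per_element(elements, flows):
    """Walk every element and flow through the categories the chart allows."""
    threats = [Threat(e.name, c) for e in elements for c in PER_ELEMENT[e.kind]]
    return threats + [Threat(f.name, c) for f in flows for c in PER_ELEMENT["flow"]]

def stride_per_interaction(elements, flows, boundary_only=True):
    """Walk each (source, destination, data) tuple through all six categories.
    boundary_only=True keeps only flows that cross a trust boundary, i.e. the
    high-risk paths a team typically reserves per-interaction analysis for."""
    zone = {e.name: e.zone for e in elements}
    out = []
    for f in flows:
        if boundary_only and zone[f.src] == zone[f.dst]:
            continue
        out += [Threat(f"{f.src} -> {f.dst} [{f.data}]", c) for c in "STRIDE"]
    return out

def score(threats, scores):
    """Apply (likelihood, impact, mitigation) keyed by (target, category)."""
    for t in threats:
        if (t.target, t.category) in scores:
            t.likelihood, t.impact, t.mitigation = scores[(t.target, t.category)]
    return threats

def gaps(threats):
    """Threats still unscored or unmitigated: the enumeration-only pitfall."""
    return [t for t in threats if t.risk == 0 or not t.mitigation]

# Constructed DFD: a clinician app in the hospital zone commands a device.
ELEMENTS = [
    Element("Clinician tablet app", "external", "hospital network"),
    Element("Device command service", "process", "device"),
    Element("Therapy settings store", "store", "device"),
    Element("Audit log", "log_store", "device"),
]
FLOWS = [
    Flow("F1", "Clinician tablet app", "Device command service", "dose change request"),
    Flow("F2", "Device command service", "Therapy settings store", "dose setting"),
    Flow("F3", "Device command service", "Audit log", "audit record"),
]
# Assumed scores for three threats; the rest are deliberately left as gaps.
SCORES = {
    ("F1", "T"): (3, 5, "mutually authenticated TLS with integrity protection"),
    ("Device command service", "S"): (2, 5, "device-bound client certificate"),
    ("Audit log", "R"): (2, 4, "append-only, signed audit records"),
}

def build_register():
    """Per-element register for the constructed DFD, highest risk first."""
    reg = score(stride_per_element(ELEMENTS, FLOWS), SCORES)
    return sorted(reg, key=lambda t: t.risk, reverse=True)

if __name__ == "__main__":
    reg = build_register()
    for t in reg[:3]:
        print(f"{t.risk:>2}  {t.describe()}  ->  {t.mitigation}")
    print(f"{len(gaps(reg))} of {len(reg)} threats still need a score or mitigation")
```

Run stand-alone it prints the three highest-risk entries and how many of the 24 per-element threats still lack a score or mitigation. The `gaps()` check is what catches the third pitfall above, `describe()` names the violated property so a disclosure threat cannot quietly be filed as tampering, and `stride_per_interaction()` with `boundary_only=True` yields six threats for the one flow that crosses the hospital/device trust boundary, against 18 for all flows.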
Primary references
1. Microsoft Threat Modeling - STRIDE, Microsoft, learn.microsoft.com
2. AAMI TIR57:2016, AAMI, aami.org
3. FDA Cybersecurity Guidance (Sept 2023), FDA, fda.gov