CC-S-1 — Attacker impersonates internal service (no service mesh)
Component: Cross-Cutting. Mitigations: mTLS where configured; network zone controls. Action: Evaluate service mesh (e.g. Istio) for mutual authentication of all inter-service calls
| Property | Value |
|---|---|
| Section | Spoofing |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-TRANS-01 | TLS 1.2+ Minimum with Configurable Version |
| SID-TRANS-02 | OpenID4VCI Credential Issuance Protocol |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md