Process for tracking and managing the STRA lifecycle. Security Threat and Risks Assessments (STRA) must be conducted for all new IT systems and for substantial updates to existing systems.