Which threat modeling frameworks are given as examples in the threat modeling process?


Multiple Choice

Which threat modeling frameworks are given as examples in the threat modeling process?

Explanation:
Threat modeling uses structured frameworks to categorize and analyze potential threats. STRIDE provides a mnemonic to identify threat types—Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege. PASTA guides a risk-centric approach with stages from understanding business objectives to assessing and mitigating risks. These are classic examples discussed in the threat modeling process because they give systematic ways to surface and evaluate threats. In contrast, MITRE ATT&CK is a knowledge base of attacker techniques, not a threat-modeling framework, while NIST SP 800-53 and CIS Benchmarks focus on controls and configurations rather than modeling threats. Therefore, the combination of STRIDE and PASTA is the best fit.

