This document should be read along side of TAS3 architecture documents. It is a requirement that secure architecture addresses all known threats. Therefore this document effectively specifies security related requirements (other more business oriented requirements are discussed in other documents) for the architecture.
Once architecture documents stabilize, the intent is to reference here the specific parts that solve these threats.
Our goal is to answer all threats specified in [NIST-SP800-30]. For programmers [Meier09] provides a good check list and [Meier08] a short list for those in a hurry. Further threats in [NIST-SP800-42] are addressed as well.