Table of Contents
IriusRisk Team
IriusRisk Team
|
The Threat Modeling Experts
November 20, 2025

Product Release 4.49

Overview

This release details many new features and improvements, including:

  • Component Questionnaire Builder
  • See Component Threats & Countermeasures in the Diagram
  • Beta: Risk Controls Summary and Evidence (for FDA) Report
  • And a lot more...

Take a look at the full information below, or go directly to the Release Notes here.

Component questionnaire builder

Users can now design and manage component questionnaires from a single, intuitive screen; creating, ordering, and previewing tabs, questions, and answers in one place. This streamlined interface boosts efficiency, clarity, and control. Previously, component questionnaires were generated through a complex rule-based system that was difficult to navigate and error-prone. Multiple overlapping rules created confusion, slowed productivity, and made the process hard to manage.

Solution:

  • Create and organize tabs, questions, and answers easily.
  • Add conditions and actions to control logic and behavior.
  • Preview the questionnaire in real time.

Show component threats & countermeasures in the diagram

Practitioners can now stay fully in flow while analyzing and mitigating risks. Users can view, assess, and act on a component’s security details directly from the Diagram screen — no more switching between views. This enhances productivity, and increases user adoption.Previously, users had to constantly move between the diagram view, threat lists, and countermeasure screens to complete their analysis. This context switching disrupted focus, slowed down progress, and made the overall process feel fragmented. 

Solution: 

  • Access each component’s Threats and Countermeasures directly from the Diagram view.
  • Review and act on security details instantly via new tabs in the Component Details sidebar.
  • Eliminate unnecessary navigation to maintain focus and efficiency.

Risk controls summary and evidence (for FDA) report

Medical device manufacturers can now generate a Risk Controls Summary and Evidence (for FDA) Report. This streamlines the cybersecurity documentation process required for FDA premarket submissions. It saves time, reduces manual effort, and ensures alignment with regulatory expectations. Previously, organizations had to extract and map threats, risks, and countermeasures from their threat models into structured reports that align with FDA cybersecurity guidance. This manual mapping created inefficiencies and increased the risk of inconsistencies.

Solution: 

  • Structured Report Generation: Automatically generate a Cybersecurity TM FDA report organized in line with the latest FDA cybersecurity guidance for premarket submissions.
  • Relevant Threat Modeling Content: Such as identified threats, calculated risks, and applied countermeasures — relevant to the cybersecurity documentation required by the FDA.
  • Clear Naming and Tracking: Easily name, organize, and manage your reports throughout the submission lifecycle.

Supporting Rally for Custom Issue Trackers

Teams using Rally can now integrate it as a custom issue tracker in the same way they already do with Jira — enabling consistent workflows, seamless issue management, and broader tool flexibility.Previously, users relying on Rally lacked native support, forcing them to manage issues outside IriusRisk or build workarounds. This limited efficiency and created inconsistencies across teams using different tracking tools.

Solution:

  • Full Rally integration, including creating, updating, and deleting issues directly from IriusRisk.
  • The design mirrors the existing Jira experience for clarity and ease of use.
  • The feature has been fully tested, validated, and is now ready for use across all supported issue tracking setups.

Increased transparency for user access 

Users gain a clearer, more organized view of permissions and roles across all scopes — from global to Business Unit levels. The redesigned Edit User view makes it easier to understand how roles are assigned and inherited, improving transparency and user management efficiency. Previously, user permissions and roles were spread across multiple screens, making it difficult for administrators to quickly understand a user’s access or role inheritance.

Solution: A redesigned interface features a new tabbed layout for improved navigation and clarity. It has four dedicated tabs:

  • Details: Displays user profile information (name, username, email).
  • Permissions: Shows Global and default Project Roles, depending on authentication type.
  • Business Units: Lists assigned BUs with read-only Project Roles and provides quick links to BU details. - Please note this is the very first step to improving visibility. More will follow in subsequent releases! 
  • Settings: Manages API tokens, password resets, and active sessions.

Including questionnaire answers when duplicating components

Now you can instantly clone any component in your diagram, including its questionnaire answers. You can choose whether to copy those answers or start fresh. It’s a simple, time-saving improvement that keeps you in the flow, reduces rework, and makes diagramming faster and smoother than ever.

Continuous Improvements

User role visibility in profiles

User profiles now display each person’s specific role within their Business Unit, alongside the unit name. This improvement eliminates the need to manually search through Business Units to identify user roles, making it easier to understand team responsibilities at a glance.

Improved navigation from Project Component details to source projects

In the Source of threats section of a Project Component, the link to the source project now opens in a new tab and includes a clear “new tab” icon. This prevents users from losing their place in the Component List and makes it easier for Security Experts to explore source project details without breaking their workflow.

New Components and Standards

New Content

Updated MITRE reference values to match the latest version

Added CIS standard references and CIS URLs as references for IriusRisk countermeasures related to:

  • CIS Amazon Web Services Foundations Benchmark
  • CIS Docker Benchmark
  • CIS Google Cloud Platform Foundations Benchmark
  • CIS Kubernetes Benchmark
  • CIS Microsoft Azure Foundations Benchmark
  • CIS Oracle Cloud Infrastructure Foundations Benchmark

New Components

Network 

  • SD-WAN Gateway
  • SD-WAN Orchestrator

Release Notes and Documentation

For more information, see Version 4.49 Release Notes or check out our Documentation.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.

Swaggerhub & Github

Find out more of what you need in GitHub and Swaggerhub Repos:

https://app.swaggerhub.com/apis/continuumsecurity/IriusRisk/1.24.0 - We provided this featured API to allow for deeper customer integrations as well as enable very flexible automations within the many varied environments IriusRisk needs to operate.

https://iriusrisk.github.io/iriusrisk-api/v2/latest/- Please note that this version of the API is currently in beta. While it offers advanced features for deeper integrations and flexible automations, we reserve the right to make breaking changes during this phase and encourage caution in production environments.

https://github.com/iriusrisk/IriusRisk-Central - Provides content useful for IriusRisk threat modelling, including templates, API scripts, libraries and more.

Logos of the European Union with text 'Funded by the European Union NextGenerationEU', the Spanish Government Ministry of Economic Affairs and Digital Transformation, red.es, and the Plan de Recuperación, Transformación y Resiliencia.

FAQs

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down