First, a Data Flow Diagram (DFD) of the cloud infrastructure is reviewed.
A Threat Model of the cloud infrastructure will be created.
Non-Functional Security Requirements (NFSR) documents that highlight security best practices and hardening guidelines of the entire technology stack in scope will be created.