When designing an encryption system, you should start with a threat model.
When designing an encryption system, you should start with a threat model. This is because a threat model helps identify potential risks, vulnerabilities, and attack vectors that the encryption system may face. By understanding these threats and risks, designers can make informed decisions about the appropriate encryption algorithms, key management practices, and overall system architecture. This ensures that the encryption system is designed to effectively protect sensitive data and withstand potential attacks.
Security Guidance page 124: When designing an encryption system, you should start with a threat model. For example, do you trust a cloud provider to manage your keys? How could the keys be exposed? Where should you locate the encryption engine to manage the threats you are concerned with?
B. True

When designing an encryption system, it is highly recommended to start with a threat model. A threat model helps identify potential risks, vulnerabilities, and attack vectors that the encryption system may face. It involves analyzing the system's assets, potential adversaries, and the potential impact of successful attacks. By understanding the threats and risks, designers can make informed decisions about the appropriate encryption algorithms, key management practices, and overall system architecture. Threat modeling allows designers to identify potential weaknesses in the encryption system and make proactive decisions to mitigate those risks. It helps ensure that the encryption system is designed to effectively protect sensitive data and withstand potential attacks. Therefore, starting the design process with a threat model is an important step in developing a robust and secure encryption system.
From Security Guidance v4. Section 11.1.4.2, Page 124: When designing an encryption system, you should start with a threat model. For example, do you trust a cloud provider to manage your keys? How could the keys be exposed? Where should you locate the encryption engine to manage the threats you are concerned with?