Threat Analysis and Risk Assessment (TARA) for ISO/SAE 21434, built on Nextedy Risksheet in Polarion ALM. Analyze cybersecurity threats across your vehicle architecture, score attack feasibility, determine risk verdicts, and trace treatment decisions through to verification.
Key Features
| Feature | Description |
|---|
| 5-Step TARA Workflow | ISO/SAE 21434 Clause 15 threat analysis in a structured Risksheet |
| EVITA Feasibility Scoring | 5-factor attack potential rating per ISO 21434 Annex G |
| Risk Verdict Matrix | Impact x Feasibility produces verdicts 1—5 with color-coded heat map |
| Dual-Track Traceability | Goal Track and Control Track from threat through to test case verification |
| Shared Catalogs | Reusable Threat Scenario and Stakeholder catalogs across all TARA modules |
| Cybersecurity Case Dashboard | ISO 21434 Clause 6.4.6 assurance argument with coverage evidence |
Documentation Structure
| Section | What You Will Find |
|---|
| Getting Started | Install the solution, create your first TARA module, walk through the 5-step workflow |
| Concepts | ISO 21434 coverage, data model, traceability chain, scoring algorithms, system element hierarchy |
| How-To Guides | Step-by-step procedures for TARA analysis, setup, dashboards, and approval workflows |
| Reference | Work item types, enumerations, Risksheet configuration, formulas, dashboards, RTM model |
| FAQ | Answers to common questions about TARA workflow, configuration, and ISO compliance |
Quick Start
- Install — Deploy the TARA solution into your Polarion project. See Install the TARA Solution.
- Model your system — Create system elements with the
systemElement type. See Create System Elements.
- Create a TARA — Open Risksheets, select TARATemplate, and link to a system element. See Create Your First TARA Module.
- Analyze threats — Walk through all 5 steps. See The 5-Step TARA Workflow.
- Review and approve — Use the document workflow to send for review. See Review and Approve a TARA Document.
The TARA solution uses Nextedy Risksheet as its primary analysis tool. All TARA records are edited exclusively inside the Risksheet interface — not in standard Polarion work item forms.
