Skip to main content

Which ISO/SAE 21434 clauses does the TARA solution cover?

The TARA solution maps to key ISO/SAE 21434 clauses through its structured workflow and data model:
  • Clause 8 (Threat Analysis and Risk Assessment) — The five-step Risksheet workflow covers threat identification, feasibility scoring, impact assessment, risk verdict computation, and treatment decision.
  • Clause 9 (Concept Phase) — Cybersecurity goals and CAL levels are captured as dedicated work item types linked to TARA records.
  • Clause 10 (Product Development) — Requirements traceability from risk controls through system/design requirements to test cases is shown in the Req & Verification view.
  • Clause 15 (Cybersecurity Case) — The Cybersecurity Case dashboard aggregates TARA results into an assurance argument.
See ISO/SAE 21434 Clause Coverage for the complete clause-to-feature mapping.

How are Cybersecurity Assurance Levels (CAL) determined?

CAL values (CAL 1 through CAL 4) are assigned to cybersecurityGoal work items and represent the required rigor of security development activities. The Risksheet enforces minimum CAL requirements based on the risk verdict:
VerdictMinimum CAL
5 (critical)CAL 4
4 (high)CAL 3
3 (moderate)CAL 2
1—2 (low)CAL 1
The calDecorator automatically validates this mapping and displays a red warning badge (“min CAL N”) when the assigned CAL falls below the required minimum. CAL 4 represents the highest assurance burden, analogous to ASIL D in functional safety, and may require independent third-party review. See Cybersecurity Assurance Levels (CAL) for full definitions.

How does the TARA solution support audit trails?

The solution provides audit trails at two levels:
  • Work item workflow — TARA records, cybersecurity goals, and risk controls follow a lifecycle (draft, inProgress, inReview, pendingApproval, approved, rejected, obsolete). The AtLeastOneApprovedAndNooneDisapproved condition gates approval, and all terminal transitions require a resolution field.
  • Document workflow — Risk Specification modules use electronic signatures (draft, inReview, approved, published). Rework invalidates all prior signatures automatically.
Reopening an approved item or reworking a document invalidates all prior electronic signatures, ensuring approval records always reflect reviewed content.
See Risk Specification Document Workflow for the complete lifecycle.

What are the four risk treatment options and their compliance implications?

The TARA solution implements all four ISO/SAE 21434 risk treatment strategies as the treatmentChoice enumeration:
  • Avoiding — Eliminates the risk entirely by removing the threat source. Requires linking a cybersecurity goal.
  • Reducing — Applies security controls to lower risk to an acceptable level. Requires linking a cybersecurity goal and creating risk control work items.
  • Sharing — Transfers risk responsibility to another party (e.g., via a Cybersecurity Interface Agreement with a supplier). Requires a documented claim in taraClaims.
  • Retaining — Accepts the residual risk with documented justification. Requires a written rationale in taraClaims and typically needs explicit sign-off.
The Risksheet enforces these requirements through the goalHighlight and claimHighlight decorators. See Risk Treatment Choice for enum details.

How does the CIAx security property model extend the standard CIA triad?

The TARA solution uses an extended CIAx model with six security properties on each TARA record, going beyond the traditional Confidentiality-Integrity-Availability triad:
  • Confidentiality — Protection against unauthorized disclosure
  • Integrity — Protection against unauthorized modification
  • Availability — Protection against denial of service
  • Authenticity — Assurance of verified origin (maps to Spoofing in STRIDE)
  • Authorization — Assurance that only permitted actions are executed (maps to Elevation of Privilege in STRIDE)
  • Non-repudiation — Assurance that events cannot be denied after the fact (supports forensic and audit requirements)
This extended model aligns with automotive cybersecurity needs where incident forensics and access control are critical beyond basic CIA. See CIAx Security Properties for the full enumeration.

Does the solution support UNECE R155 compliance?

The TARA workflow supports UNECE R155 CSMS evidence requirements through structured threat analysis, documented treatment decisions, and full traceability from threats through controls to verification. Electronic signature workflows produce formal approval records for type approval submissions. The Cybersecurity Case dashboard consolidates this evidence. See Cybersecurity Case and Assurance Argument for the assurance argument structure.

How is traceability maintained from threats to test cases?

The solution maintains a complete chain through Polarion link roles: TARA Record —(mitigates)—> Risk Control <—(back-link)— sysReq/desReq <—(back-link)— Test Case. The 5. Req & Verification view renders this using Velocity server-side traversal, providing ISO/SAE 21434 Clause 10 verification evidence. See Traceability Chain for the complete link model.
Use the TARA Summary Report and Cybersecurity Case Dashboard to generate audit-ready views of your TARA analysis status, treatment completion rates, and traceability coverage.