What is the TARA solution?
The TARA solution is a Nextedy Solutions package for Polarion ALM that implements ISO/SAE 21434 Threat Analysis and Risk Assessment. It provides a pre-configured Risksheet template, purpose-built work item types, automated scoring formulas, dashboard reports, and a formal document approval workflow. The solution enables cybersecurity engineers to perform structured threat analysis directly inside Polarion, with full traceability from threats through goals to requirements and verification. See the TARA Solution Overview for a complete introduction.What standards does the TARA solution support?
The solution is primarily aligned to ISO/SAE 21434:2021 — Road Vehicles — Cybersecurity Engineering. It covers Clause 6 (Cybersecurity Management), Clause 9 (Item Definition), Clause 10 (Cybersecurity Goals and Concept), Clause 12 (Verification), and Clause 15 (TARA). Attack feasibility scoring follows ISO/SAE 21434 Annex G. The solution also supports UNECE R155 compliance by producing TARA evidence artifacts required for Cyber Security Management System (CSMS) certification. See ISO/SAE 21434 Clause Coverage for the full mapping.What Nextedy products does the TARA solution use?
The TARA solution is built on Nextedy Risksheet, which provides the spreadsheet-style analysis interface within Polarion documents. The solution does not use PowerSheet YAML configurations — all sheet configuration is stored asrisksheet.json attachments on document modules. The RTM domain model (rtm.yaml) is minimal, declaring only five entity types with no explicit relationships. See the RTM Domain Model for details.
What work item types are included?
The solution defines six TARA-specific work item types plus standard Polarion types:| Type | Purpose |
|---|---|
| TARA Record | Core analysis record with threat, feasibility, verdict, and treatment |
| Cybersecurity Goal | Security objective with CAL level |
| System Element | System/subsystem/component hierarchy |
| Threat Scenario | Reusable threat catalog entries |
| Risk Control | Concrete countermeasures |
| Stakeholder | Impact scope entities |
What dashboards and reports does the solution provide?
The solution includes four Velocity-rendered dashboards plus instructional wiki pages:| Dashboard | Purpose |
|---|---|
| Project Home | Central dashboard with statistics, system navigator, and quick links |
| Risks Home | TARA-focused view with document status |
| TARA Summary Report | Verdict distribution, coverage tree, and action items |
| Cybersecurity Case | ISO/SAE 21434 Clause 6.4.6 assurance argument |
What is the reference application in the demo project?
The TARA Demo project models a Connected Electric Vehicle with ADAS (Advanced Driver Assistance Systems) as the reference application. The system element hierarchy includes an ADAS Control System at the top level, with Perception Unit and Connectivity Gateway subsystems, and components like Sensor Fusion ECU, Forward Camera Module, V2X Transceiver, and Telematics Control Unit. All tutorial examples and sample data are grounded in this automotive cybersecurity context.How does the TARA solution differ from a FMEA or HARA solution?
The TARA solution focuses exclusively on cybersecurity threat analysis per ISO/SAE 21434. It does not include failure mode analysis (FMEA), hazard and risk assessment (HARA), ASIL determination, or risk priority numbers (RPN). The scoring model uses five attack potential factors (Elapsed Time, Expertise, Knowledge, Window of Opportunity, Equipment) mapped to feasibility levels, combined with impact assessment to produce a verdict (1—5). For functional safety analysis, a separate solution template would be needed. See Attack Feasibility Scoring (EVITA) for the scoring model details.Can I create multiple TARA modules in one project?
Yes. Each TARA module is a separateriskSpecification document linked to a specific system element via the systemElementId document custom field. The TARA Demo project includes four modules covering different system elements at system, subsystem, and component levels. The Risks Home Dashboard shows all modules with their workflow status, and the TARA Summary Report aggregates verdict statistics across all modules.
See also: TARA Workflow Questions | Configuration Questions | Compliance Questions