
How do I start a new TARA analysis?

Create a new Risk Specification document using the TARA Template, which pre-configures the Risksheet with all required columns, views, and formulas. The document starts in draft status. Begin by defining your system elements, then populate TARA records following the five workflow views in order. See Create Your First TARA Module for a step-by-step walkthrough.

What are the five Risksheet workflow views?

The TARA Risksheet provides five sequential views that guide you through the ISO/SAE 21434 analysis process:
  1. Identify Threats — Define stakeholders, CIAx properties, damage scenarios, and threat scenarios
  2. Assess Feasibility — Score five attack factors (Elapsed Time, Expertise, Knowledge, Window of Opportunity, Equipment) to compute attack feasibility
  3. Risk Assessment — Set impact levels and review the auto-computed risk verdict (1-5)
  4. Risk Treatment — Choose a treatment strategy (avoiding, reducing, sharing, retaining) and link cybersecurity goals or document claims
  5. Req & Verification — Verify traceability from risk controls through requirements to test cases
Each view shows only the columns relevant to that phase, reducing cognitive load. For full details, see The 5-Step TARA Workflow.

How is attack feasibility calculated?

The Risksheet uses the feasibilityFormula to compute feasibility automatically from five EVITA-based attack factors: attackTime, attackExpertise, attackKnowledge, attackWoo (Window of Opportunity), and attackEquipment. Each factor maps to a numeric score. The formula sums all five scores and classifies the result into four levels:
  • High — aggregate score 0-13
  • Medium — aggregate score 14-19
  • Low — aggregate score 20-24
  • Very Low — aggregate score 25 or above
The feasibility field remains blank until all five attack factor fields are populated. Partially filled records will not show a feasibility rating.
For a detailed explanation of the scoring model, see Attack Feasibility Scoring (EVITA).

How does the risk verdict work?

The verdictFormula computes a risk verdict score from 1 (lowest risk) to 5 (highest risk) using a 4×4 matrix of taraImpact (severe, major, moderate, negligible) crossed with taraFeasibility (high, medium, low, veryLow). Both values must be set before a verdict is computed; until then the cell stays blank. The verdict cell is color-coded from green (1) through red (5), and the row header also reflects the verdict color for quick visual scanning. Negligible impact always yields verdict 1 regardless of feasibility. See Risk Verdict Matrix for the full matrix table.

What happens after I set a treatment choice?

Each TARA record requires one of four treatment strategies: avoiding, reducing, sharing, or retaining. The Risksheet enforces completeness through two validation decorators:
  • If you select reducing or avoiding, the Cybersecurity Goal cell highlights orange with “Goal required” until you link a cybersecurityGoal work item.
  • If you select retaining or sharing, the Claims cell highlights orange with “Claim required” until you provide a written justification in the taraClaims field.
You also track progress using the treatmentStatus field (planned, ongoing, completed). See Define Risk Treatment for the complete treatment workflow.
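The feasibility bands, the verdict rules and the two treatment validations described in the three answers above can be exercised together in a small model. The Python below is an added example written for this page, not code from the TARA Template or from Polarion. It assumes per-factor numeric scores (the EVITA / ISO/SAE 21434 Annex G values, which this page does not list), a constructed placeholder verdict matrix (the page only states the "negligible always yields 1" rule and refers to a separate matrix page), and a hypothetical `treatment` key for the treatment choice; `attackTime`, `attackExpertise`, `attackKnowledge`, `attackWoo`, `attackEquipment`, `taraImpact`, `cybersecurityGoal` and `taraClaims` are the field names used on this page.

```python
from typing import Optional

# ASSUMPTION: per-factor numeric scores. The page states only that each
# factor "maps to a numeric score"; the values below are the EVITA /
# ISO/SAE 21434 Annex G rating values and are not taken from this page.
FACTOR_SCORES = {
    "attackTime": {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4,
                   "<=6 months": 10, ">6 months": 19},
    "attackExpertise": {"layman": 0, "proficient": 3, "expert": 6,
                        "multiple experts": 8},
    "attackKnowledge": {"public": 0, "restricted": 3, "confidential": 7,
                        "strictly confidential": 11},
    "attackWoo": {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10},
    "attackEquipment": {"standard": 0, "specialized": 4, "bespoke": 7,
                        "multiple bespoke": 9},
}


def feasibility(record: dict) -> Optional[str]:
    """Re-implements the feasibilityFormula rules stated on the page:
    return None (blank cell) while any of the five factors is unset,
    otherwise sum the scores and classify into the four bands."""
    total = 0
    for factor, table in FACTOR_SCORES.items():
        value = record.get(factor)
        if value is None:
            return None  # partially filled record: no rating shown
        total += table[value]
    if total <= 13:
        return "high"
    if total <= 19:
        return "medium"
    if total <= 24:
        return "low"
    return "veryLow"


# CONSTRUCTED placeholder matrix. The page does not reproduce the Risk
# Verdict Matrix, so replace these numbers with the project's own table.
# Only the rule "negligible impact always yields 1" comes from the page.
SAMPLE_VERDICT_MATRIX = {
    "severe":     {"high": 5, "medium": 4, "low": 3, "veryLow": 2},
    "major":      {"high": 4, "medium": 3, "low": 2, "veryLow": 1},
    "moderate":   {"high": 3, "medium": 2, "low": 2, "veryLow": 1},
    "negligible": {"high": 1, "medium": 1, "low": 1, "veryLow": 1},
}


def verdict(impact: Optional[str], feas: Optional[str],
            matrix: dict = SAMPLE_VERDICT_MATRIX) -> Optional[int]:
    """verdictFormula behaviour: blank until both inputs are set; negligible
    impact is always 1; otherwise a 1..5 lookup in the matrix."""
    if impact is None or feas is None:
        return None
    if impact == "negligible":
        return 1
    score = matrix[impact][feas]
    if not 1 <= score <= 5:
        raise ValueError(f"matrix entry out of range: {score}")
    return score


GOAL_REQUIRED = {"reducing", "avoiding"}
CLAIM_REQUIRED = {"retaining", "sharing"}


def treatment_issues(record: dict) -> list:
    """Mirrors the two validation decorators. ASSUMPTION: the treatment
    choice is stored under a key named 'treatment' (the page does not name
    that field); 'cybersecurityGoal' and 'taraClaims' are the page's names."""
    choice = record.get("treatment")
    issues = []
    if choice in GOAL_REQUIRED and not record.get("cybersecurityGoal"):
        issues.append("Goal required")
    if choice in CLAIM_REQUIRED and not (record.get("taraClaims") or "").strip():
        issues.append("Claim required")
    return issues


def evaluate(record: dict) -> dict:
    """Run feasibility, verdict and treatment validation on one TARA record."""
    feas = feasibility(record)
    return {
        "feasibility": feas,
        "verdict": verdict(record.get("taraImpact"), feas),
        "issues": treatment_issues(record),
    }


# Constructed sample record: an expert with restricted knowledge, a moderate
# window of opportunity and specialised equipment, attack completed within a week.
SAMPLE_RECORD = {
    "attackTime": "<=1 week", "attackExpertise": "expert",
    "attackKnowledge": "restricted", "attackWoo": "moderate",
    "attackEquipment": "specialized",
    "taraImpact": "severe", "treatment": "reducing",
    "cybersecurityGoal": None, "taraClaims": "",
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_RECORD))
    # {'feasibility': 'medium', 'verdict': 4, 'issues': ['Goal required']}
```

Running the sample record scores 1+6+3+4+4 = 18, which lands in the Medium band; with severe impact the placeholder matrix gives verdict 4, and because the treatment is "reducing" with no linked goal the record reports "Goal required", exactly the condition the orange highlight flags in the Risksheet. Clearing any one attack factor makes `feasibility` return None, which in turn leaves the verdict blank, matching the page's statement that partially filled records show no rating.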

What does the Overview view show?

The Overview is the default view loaded when you open a TARA module. It displays the complete risk picture in a single table: stakeholder, damage scenario, threat scenario, impact, feasibility, verdict, treatment, cybersecurity goal, CAL, and claims. This view is designed for management review, not data entry. See Risksheet Views Reference for all available views.

How does the row hierarchy work in the Risksheet?

TARA records are organized into a 5-level hierarchy: Stakeholder, CIAx Property, Damage Scenario, Threat Scenario, and Threat Path. You can collapse or expand the sheet at any level to navigate between high-level summaries and detailed analysis. The default sort order matches this hierarchy, grouping records by stakeholder first, then by CIAx property, and so on. The verdict score remains visible even in collapsed views through the collapseTo configuration.

Can I see requirements and test coverage in the Risksheet?

Yes. The 5. Req & Verification view shows two server-rendered columns that traverse Polarion link relationships. The Requirements column displays sysReq and desReq items linked to each risk control. The Verification column shows test cases linked to those requirements. This provides the full traceability chain: TARA record to risk control to requirement to test case. See Link Requirements and Verification for details.

Column groups are color-coded by analysis phase (purple for Threat Identification, blue for Attack Feasibility, red for Risk Assessment, green for Risk Treatment). Use these visual cues to quickly orient yourself within any Risksheet view.