TARA Analysis Workflows
The core 5-step ISO/SAE 21434 analysis process:- Identify Threats and Damage Scenarios — Select stakeholders, CIAx properties, and threat scenarios for each TARA record
- Score Attack Feasibility — Rate the five EVITA factors (TIME, EXP, KNOW, WOO, EQP) and interpret the computed feasibility
- Assess Risk Verdict — Set impact levels and review the auto-computed verdict from the risk matrix
- Define Risk Treatment — Choose a treatment strategy, link Cybersecurity Goals or write claims, and create risk controls
- Link Requirements and Verification — Connect risk controls to requirements and test cases for full traceability
- Use Shared Threat Scenario and Stakeholder Catalogs — Work with centralized catalogs for consistent threat identification
Solution Setup and Configuration
Initial project setup and configuration tasks:- Create System Elements — Build the vehicle architecture hierarchy
- Create a New TARA Module — Create and link a TARA Risksheet to a system element
- Configure Cybersecurity Goals and CAL — Set up goals with assurance levels
- Add Risk Controls and Link to TARA Records — Create and connect risk control work items
- Configure Risksheet Views for TARA — Customize views and column visibility
Dashboard and Reporting Guides
Navigate and interpret the built-in dashboards:- Read the TARA Summary Report — Interpret verdict distributions and coverage gaps
- Read the Cybersecurity Case Dashboard — Review the assurance argument and case status
- Navigate the Risks Home Dashboard — Use the central TARA navigation hub
Approval Workflows
Document review and approval processes:- Review and Approve a TARA Document — Submit for review and approve with signatures
- Rework a TARA Document — Handle review findings and re-submit