Prerequisites
- Cybersecurity goals (
cybersecurityGoal work items) have been created and linked to TARA records
- TARA records have completed feasibility and impact assessment (verdicts computed)
- Cybersecurity requirements (
sysReq with classification = cybersecurity) exist in the tracker
Steps
1. Open the Cybersecurity Case
Navigate to Risks Home and click Cybersecurity Case in the quick links, or go directly to the wiki page at Risks/Cybersecurity Case.
The header shows live counts for goals, TARA records, and cybersecurity requirements in the project.
2. Review Cybersecurity Goals Summary
The first section lists all cybersecurityGoal work items in a table:
| Column | Content |
|---|
| ID | Clickable link to the work item detail |
| Cybersecurity Goal | Goal title text |
| CAL | Cybersecurity Assurance Level badge (color-coded) |
| CIAx | The goalCiaxProperty security dimension |
| Status | Work item workflow status |
| Level | Color | Hex |
|---|
| CAL 1 | Green | #4CAF50 |
| CAL 2 | Orange | #FF9800 |
| CAL 3 | Red | #f44336 |
| CAL 4 | Dark red | #b71c1c |
If no cybersecurity goals exist, the section displays a warning alert with a direct link to the Tracker filtered by cybersecurityGoal type. Create your goals before using this dashboard for compliance review.
3. Check the TARA Coverage Summary
Six verdict distribution cards (V1—V5 plus Unclassified) show the project-wide count of TARA records at each risk level. The color scheme matches the TARA Summary Report.
A conditional alert banner indicates the overall risk posture:
- Danger: V4/V5 records remain — the case cannot be closed
- Warning: V3 records require monitoring but do not block closure
- Success: All records at V1/V2 — acceptable risk levels achieved
4. Verify Cybersecurity Requirements Traceability
This section lists all sysReq work items classified as cybersecurity (filtered by classification.KEY:cybersecurity):
| Column | Content |
|---|
| ID | Clickable link to the requirement |
| Requirement | Title text |
| Status | Workflow status (Draft, Approved, etc.) |
If no requirements appear, ensure the classification field on your sysReq items is set to cybersecurity. The dashboard provides a direct link to the filtered Tracker view.
5. Examine the Residual Risk Summary
This table lists TARA records with taraVerdict >= 4 (unacceptable risk):
| Column | Content |
|---|
| ID | Clickable link to the TARA record |
| Damage Scenario | The damageScenario field value |
| Verdict | Color-coded verdict badge (V4 red, V5 dark red) |
| Treatment | The treatmentChoice value (Reducing, Avoiding, Sharing, Retaining) |
| Treatment Status | Current treatmentStatus (Planned, Ongoing, Completed) |
6. Read the Conclusion
The final section summarizes the case with bullet-point statistics and a binary status gate:
- OPEN (red): Unacceptable risks remain. Additional controls are required.
- READY FOR REVIEW (green): All risks at acceptable levels. The case can proceed to formal assessment.
The case status shown here is a live indicator, not an enforced workflow gate. Combine it with the riskSpecification document workflow for formal sign-off with electronic signatures. Verification
Confirm the Cybersecurity Case is ready for review:
