Location: /polarion/#/project/{projectId}/wiki/Risks/Cybersecurity%20Case
ISO/SAE 21434 Alignment: Clause 6.4.6 — Cybersecurity Assurance Argument
| Field | Value |
|---|---|
| Title | Cybersecurity Case |
| Subtitle | ISO/SAE 21434 Clause 6.4.6 — Cybersecurity Assurance Argument |
| Project ID | Live from $projectId |
| Generated Date | Page last-modified timestamp (YYYY-MM-DD) |
| Goals Count | Live count of cybersecurityGoal items |
| TARA Records Count | Live count of taraRecord items |
| CS Requirements Count | Live count of sysReq items with classification.KEY:cybersecurity |
Dashboard Sections
1. Cybersecurity Goals Summary
A table listing all cybersecurityGoal work items in the project:
| Column | Content |
|---|---|
| ID | Work item ID (linked to Polarion work item detail) |
| Cybersecurity Goal | Work item title |
| CAL | Cybersecurity Assurance Level badge (color-coded) |
| CIAx | CIAx security property (goalCiaxProperty field) |
| Status | Workflow status |
CAL Badge Colors
| CAL Level | CSS Class | Background Color | Meaning |
|---|---|---|---|
| CAL 1 | .cal-1 | #4CAF50 (green) | Lowest assurance |
| CAL 2 | .cal-2 | #FF9800 (orange) | Moderate assurance |
| CAL 3 | .cal-3 | #f44336 (red) | High assurance |
| CAL 4 | .cal-4 | #b71c1c (dark red) | Highest assurance |
If no cybersecurity goals exist, a warning alert appears with a direct link to the Polarion Tracker filtered to the cybersecurityGoal type, guiding users to create their first goal.
2. TARA Coverage Summary
Displays the same verdict distribution pattern used by the TARA Summary Report:
Verdict Distribution Cards:
| Card | Color | Hex Code |
|---|---|---|
| V1 | Green | #4CAF50 |
| V2 | Light green | #8BC34A |
| V3 | Amber | #FF9800 |
| V4 | Red | #f44336 |
| V5 | Dark red | #b71c1c |
| Unclassified | Grey | #5e6c84 |
Conditional Alert (same three-state logic):
| Condition | Alert | Message |
|---|---|---|
| V4 or V5 > 0 | danger | Unacceptable risk(s) remain — additional controls required before case closure |
| V3 > 0 (no V4/V5) | warning | Investigation-level risks require monitoring |
| All V1/V2 | success | All TARA records at acceptable risk levels |
3. Cybersecurity Requirements Traceability
A table listing all system requirements classified as cybersecurity:
| Column | Content |
|---|---|
| ID | Work item ID (linked) |
| Requirement | Work item title |
| Status | Workflow status |
Query: project.id:{pid} AND type:sysReq AND classification.KEY:cybersecurity
This section requires the sysReq work item type to have a classification enum field with a cybersecurity key. If this field is missing or named differently, no requirements will appear.
If no cybersecurity requirements exist, a warning alert appears with a direct link to the Tracker filtered by classification.KEY:cybersecurity.
4. Residual Risk Summary
A table of TARA records with verdict 4 or higher:
| Column | Content |
|---|---|
| ID | Work item ID (linked) |
| Damage Scenario | damageScenario field value |
| Verdict | Verdict badge (V4 red, V5 dark red) |
| Treatment | treatmentChoice field value |
| Treatment Status | treatmentStatus field value |
Verdict Badge Colors (consistent with summary cards):
| Verdict | CSS Class | Background |
|---|---|---|
| V1 | .v1 | #4CAF50 |
| V2 | .v2 | #8BC34A |
| V3 | .v3 | #FF9800 |
| V4 | .v4 | #f44336 |
| V5 | .v5 | #b71c1c |
When no records have verdict 4 or higher, a success alert confirms: “No unacceptable residual risks. All TARA records have been treated to Verdict 3 or below.”
5. Conclusion — Case Status Gate
The conclusion section provides:
- Summary statistics (bullet list):
  - Total cybersecurity goals
  - Total TARA records analyzed
  - Total cybersecurity requirements
  - Remaining unacceptable risks (highCount = V4 + V5)
- Binary case status:
| Condition | Alert | Status | Meaning |
|---|---|---|---|
| highCount > 0 | danger | OPEN | Case cannot be closed — V4/V5 items remain |
| highCount == 0 | success | READY FOR REVIEW | All risks acceptable — case may proceed to sign-off |
The case status is a rendered indicator, not enforced by a Polarion workflow. For binding closure, combine this dashboard with the Risk Specification Document Workflow, which provides formal approval with electronic signatures.
Computed Metrics
| Metric | Derivation | Usage |
|---|---|---|
| highCount | v4 + v5 | Case closure gate, alert logic |
| v1 through v5 | Count of taraRecord items per taraVerdict value | Summary cards |
| vNA | Count of taraRecord items with null/empty taraVerdict | Unclassified card |
All metrics are recomputed on every page render from live Lucene queries. Changes to TARA records in Risksheet are reflected immediately on the next page load.
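The following is an added example, not the dashboard's own Velocity code: it recomputes the metrics and the case status gate from an exported list of taraRecord items, and adds a stricter pre-sign-off check. The export shape, the taraVerdict value format, the sample records and the function names are assumptions.

```python
from collections import Counter

# Constructed sample export of taraRecord items. The taraVerdict field name is
# from the page; the value format ("1".."5", "V5", empty, None) is an assumption.
SAMPLE_RECORDS = [
    {"id": "TR-1", "taraVerdict": "1"},
    {"id": "TR-2", "taraVerdict": "3"},
    {"id": "TR-3", "taraVerdict": ""},
    {"id": "TR-4", "taraVerdict": None},
]

def verdict_of(record):
    """Return 1..5, or None for a null, empty or unrecognized taraVerdict."""
    raw = str(record.get("taraVerdict") or "").strip().upper().lstrip("V")
    return int(raw) if raw in {"1", "2", "3", "4", "5"} else None

def compute_metrics(records):
    """v1..v5, vNA and highCount as defined in the Computed Metrics table."""
    counts = Counter(verdict_of(r) for r in records)
    metrics = {f"v{n}": counts.get(n, 0) for n in range(1, 6)}
    metrics["vNA"] = counts.get(None, 0)
    metrics["highCount"] = metrics["v4"] + metrics["v5"]
    return metrics

def case_status(metrics):
    """Binary gate from the Conclusion section: only highCount is consulted."""
    return "OPEN" if metrics["highCount"] > 0 else "READY FOR REVIEW"

def review_blockers(records):
    """Added stricter check (not dashboard behaviour): also flag records that
    the highCount gate never sees because they carry no usable verdict."""
    metrics = compute_metrics(records)
    blockers = []
    if not records:
        blockers.append("no taraRecord items found")
    if metrics["highCount"] > 0:
        blockers.append(f"highCount = {metrics['highCount']} (V4/V5 items remain)")
    unclassified = [r["id"] for r in records if verdict_of(r) is None]
    if unclassified:
        blockers.append("unclassified taraRecord items: " + ", ".join(unclassified))
    return blockers

if __name__ == "__main__":
    m = compute_metrics(SAMPLE_RECORDS)
    print(m, case_status(m), review_blockers(SAMPLE_RECORDS))
```

Because highCount counts only V4 and V5, the sample project with two unclassified records still evaluates to READY FOR REVIEW under the stated derivation; the added `review_blockers` check surfaces those records before sign-off.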
Data Queries
| Query | Purpose | Lucene |
|---|---|---|
| Cybersecurity Goals | Goals table | project.id:{pid} AND type:cybersecurityGoal |
| TARA Records | Verdict counts + residual risk | project.id:{pid} AND type:taraRecord |
| CS Requirements | Traceability table | project.id:{pid} AND type:sysReq AND classification.KEY:cybersecurity |
All queries span the entire project. TARA records from all riskSpecification documents are aggregated into a single project-level view. There is no per-module filtering on this dashboard.
Velocity Macros Used
| Macro | Purpose |
|---|---|
| #nxDocHeader() / #nxDocHeaderEnd() | Formal report header |
| #nxDocInfoItem() | Header metadata fields |
| #nxSummaryCards() / #nxSummaryCard() | Verdict KPI tiles |
| #nxAlert() | Conditional banners |
| #nxSection() / #nxSubsection() | Content sections |
| #nxNavTableStyles() | Table styling |
| #nxSpaceFooter() | Nextedy footer |
Source: Risks/Cybersecurity Case/page.xml