Factor Overview
| Factor | Field ID | Risksheet Header | Enum ID | Values | Score Range |
|---|---|---|---|---|---|
| Elapsed Time | attackTime | TIME | taraRecord-attackTime | 5 | 0-19 |
| Specialist Expertise | attackExpertise | EXP | taraRecord-attackExpertise | 4 | 0-8 |
| Knowledge of Item | attackKnowledge | KNOW | taraRecord-attackKnowledge | 4 | 0-11 |
| Window of Opportunity | attackWoo | WOO | taraRecord-attackWoo | 4 | 0-10 |
| Equipment | attackEquipment | EQP | taraRecord-attackEquipment | 4 | 0-9 |
Maximum possible aggregate score: 19 + 8 + 11 + 10 + 9 = 57
Elapsed Time (attackTime)
Rates the time required to complete the attack. Higher time requirements reduce feasibility. Source: .polarion/tracker/fields/taraRecord-attackTime-enum.xml
| Enum ID | Label | Score | Description |
|---|---|---|---|
| lte1d | <= 1 day | 0 | Attack completable within one day. Highest feasibility contribution. |
| lte1w | <= 1 week | 1 | Attack requires up to one week. |
| lte1mo | <= 1 month | 4 | Attack requires up to one month. Mid-range threshold. |
| lte6mo | <= 6 months | 17 | Attack requires up to six months. APT-class timelines. |
| gt6mo | > 6 months | 19 | Attack requires more than six months. Lowest feasibility contribution. |
Specialist Expertise (attackExpertise)
Rates the level of specialist security knowledge required by the attacker. Source: .polarion/tracker/fields/taraRecord-attackExpertise-enum.xml
| Enum ID | Label | Score | Description |
|---|---|---|---|
| layman | Layman | 0 | No specific security knowledge required. |
| proficient | Proficient | 3 | Familiarity with product security behavior required. Product-level knowledge. |
| expert | Expert | 6 | Understanding of algorithms, cryptographic protocols, or internal security mechanisms required. |
| multipleExperts | Multiple Experts | 8 | Coordinated expertise across multiple security disciplines required (e.g., hardware + cryptography + network). Team attack. |
Knowledge of Item (attackKnowledge)
Rates the confidentiality level of information required to execute the attack. Source: .polarion/tracker/fields/taraRecord-attackKnowledge-enum.xml
| Enum ID | Label | Score | Description |
|---|---|---|---|
| public | Public | 0 | Information is publicly available (e.g., published CVEs, public documentation). |
| restricted | Restricted | 3 | Information is restricted to specific teams or organizations. Requires industry-specific access. |
| confidential | Confidential | 7 | Information is shared on a need-to-know basis within the organization. |
| strictlyConfidential | Strictly Confidential | 11 | Information is known only to a very small number of individuals with highest clearance. |
Window of Opportunity (attackWoo)
Rates how accessible the attack surface is to the attacker. “WOO” is the EVITA abbreviation for Window of Opportunity. Source: .polarion/tracker/fields/taraRecord-attackWoo-enum.xml
| Enum ID | Label | Score | Description |
|---|---|---|---|
| unlimited | Unlimited | 0 | Attack surface always accessible. No time constraint. Highest feasibility. |
| easy | Easy | 1 | Extended access without detection risk. Low barrier. |
| moderate | Moderate | 4 | Limited time window or moderate access privileges required. |
| difficult | Difficult | 10 | Very narrow time window AND insider-level privileges required. Both constraints must apply. |
Equipment (attackEquipment)
Rates the sophistication of tools required to execute the attack. Source: .polarion/tracker/fields/taraRecord-attackEquipment-enum.xml
| Enum ID | Label | Score | Description |
|---|---|---|---|
| standard | Standard | 0 | Readily available tools (standard PC, public software). |
| specialized | Specialized | 4 | Specialized non-commodity tools (e.g., JTAG hardware debugger). |
| bespoke | Bespoke | 7 | Custom-built non-commercial equipment. Well-resourced adversary required. |
| multBespoke | Multiple Bespoke | 9 | Multiple distinct custom-built tools required. Most restricted attacker population. |
Score Aggregation
The Risksheet feasibilityFormula sums all five factor scores:
| Aggregate Score | Feasibility Level |
|---|---|
| 0 - 13 | High (easy to attack) |
| 14 - 19 | Medium |
| 20 - 24 | Low |
| 25+ | Very Low (hard to attack) |
Scoring Example
| Factor | Selection | Score |
|---|---|---|
| Elapsed Time | <= 1 week | 1 |
| Expertise | Proficient | 3 |
| Knowledge | Restricted | 3 |
| Window of Opportunity | Easy | 1 |
| Equipment | Standard | 0 |
| Total | | 8 |
| Feasibility | | High (8 <= 13) |
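The aggregation and band mapping from the tables above, as an added JavaScript example (not the project's own feasibilityFormula). The names scoreFeasibility and maxAggregate and the record shape are assumptions; enum IDs and scores are copied from this page. Unset or unknown selections are reported rather than summed, so an incomplete record never receives a feasibility level.

```javascript
// Added example: enum IDs and scores copied from the factor tables on this page.
const FACTORS = {
  attackTime:      { lte1d: 0, lte1w: 1, lte1mo: 4, lte6mo: 17, gt6mo: 19 },
  attackExpertise: { layman: 0, proficient: 3, expert: 6, multipleExperts: 8 },
  attackKnowledge: { public: 0, restricted: 3, confidential: 7, strictlyConfidential: 11 },
  attackWoo:       { unlimited: 0, easy: 1, moderate: 4, difficult: 10 },
  attackEquipment: { standard: 0, specialized: 4, bespoke: 7, multBespoke: 9 },
};

// Upper bound of each band in the Score Aggregation table; 25+ is open-ended.
const BANDS = [[13, "High"], [19, "Medium"], [24, "Low"], [Infinity, "Very Low"]];

// Hypothetical helper: scores one threat-path record ({ fieldId: enumId }).
// In JavaScript, undefined + n is NaN, and NaN fails every <= comparison, so a
// threshold chain with a default branch would rate an incomplete row "Very Low".
function scoreFeasibility(record) {
  const problems = [];
  let total = 0;
  for (const [field, scores] of Object.entries(FACTORS)) {
    const choice = record[field];
    if (choice === undefined || choice === null || choice === "") {
      problems.push(`${field}: not set`);
    } else if (!Object.prototype.hasOwnProperty.call(scores, choice)) {
      problems.push(`${field}: unknown enum ID "${choice}"`);
    } else {
      total += scores[choice];
    }
  }
  if (problems.length > 0) return { complete: false, problems };
  const level = BANDS.find(([max]) => total <= max)[1];
  return { complete: true, total, level };
}

// Largest total the tables allow; the page states 57.
function maxAggregate() {
  return Object.values(FACTORS)
    .reduce((sum, scores) => sum + Math.max(...Object.values(scores)), 0);
}

// Constructed sample: the selections from the Scoring Example table.
const sample = { attackTime: "lte1w", attackExpertise: "proficient",
  attackKnowledge: "restricted", attackWoo: "easy", attackEquipment: "standard" };
console.log(scoreFeasibility(sample), maxAggregate());
```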
Risksheet Column Configuration
All five factor columns share these properties:
| Property | Value |
|---|---|
| Level | 5 (Threat Path level) |
| Group | Attack Feasibility |
| Group Color | rgba(96, 172, 238, 0.12) (blue) |
| View | 2. Assess Feasibility |
| Read-Only in Form | Yes (editable only in Risksheet) |
Related Pages
- TARA Feasibility Levels — the aggregate output of this scoring
- TARA Impact Levels — the other axis of the risk matrix
- Attack Feasibility Scoring (EVITA) — concept page on the scoring methodology
- Score Attack Feasibility — how-to guide for scoring
- Risksheet Formulas Reference — formula implementation details