Values
| ID | Label | Sort Order | Description |
|---|---|---|---|
cal1 | CAL 1 | 0 | Lowest assurance level. Minimal cybersecurity engineering process rigor required. |
cal2 | CAL 2 | 1 | Moderate assurance level. Structured security development activities with moderate rigor. |
cal3 | CAL 3 | 2 | High assurance level. Formal security testing and verification activities required. Triggers additional process obligations per ISO/SAE 21434. |
cal4 | CAL 4 | 3 | Highest assurance level. Most stringent security engineering process. Requires exhaustive validation, independent review, and potentially third-party audits per ISO/SAE 21434 Clause 15. |
Verdict-to-CAL Mapping
The minimum required CAL is determined by thetaraVerdict score computed in the Risksheet Formulas. The calDecorator in the Risksheet enforces this mapping:
| Verdict Score | Minimum Required CAL |
|---|---|
| 1 | CAL 1 |
| 2 | CAL 1 |
| 3 | CAL 2 |
| 4 | CAL 3 |
| 5 | CAL 4 |
min CAL N in the CAL cell.
Field Binding
| Property | Value |
|---|---|
| Field ID | cal |
| Work Item Type | cybersecurityGoal |
| Enum ID | cybersecurityGoal-cal |
| Field Type | Enum (single-select) |
cal field is defined on the Cybersecurity Goal work item type. In the Risksheet, CAL is accessed via the cross-item binding cybersecurityGoal.cal through the goalCal column, which reads and writes the CAL value on the linked Cybersecurity Goal directly from within the TARA Risksheet row.
Risksheet Usage
ThegoalCal column in the Risksheet Configuration:
- Uses dot-notation cross-item binding (
cybersecurityGoal.cal) to read/write the linked goal’s CAL field - Has
readOnly: false, allowing engineers to set the CAL directly from the Risksheet without navigating to the goal work item - Applies the
calDecoratorcell decorator for:- Color-coding CAL 1-4 with distinct pastel colors
- Mismatch detection against the verdict-derived minimum CAL
- Appears in the following views:
Overview4. Risk Treatment5. Req & Verification
Cell Decorator: calDecorator
| Condition | Style | Behavior |
|---|---|---|
goalCal = cal1 | .cal1 class (pastel color) | Standard CAL 1 display |
goalCal = cal2 | .cal2 class (pastel color) | Standard CAL 2 display |
goalCal = cal3 | .cal3 class (pastel color) | Standard CAL 3 display |
goalCal = cal4 | .cal4 class (pastel color) | Standard CAL 4 display |
| CAL < minimum for verdict | .calMismatch class (red badge) | Displays min CAL N warning text |
Related Enumerations
- TARA Impact Levels — impact input to the verdict formula
- TARA Feasibility Levels — feasibility input to the verdict formula
- Risk Treatment Choice — treatment decision driven by verdict and CAL
- Treatment Status — tracks treatment implementation progress
Configuration Notes
- CAL is an output of the TARA risk assessment process, not an input. The traceability path flows from
taraRecordassessment (impact x feasibility = verdict) tocybersecurityGoal.calassignment. - No default value is defined in the enum. Projects should establish whether unset CAL fields are treated as incomplete or default to CAL 1.
- CAL 4 is analogous to ASIL D in functional safety, representing the ceiling of assurance obligations. Goals with CAL 4 likely require dedicated cybersecurity cases and independent third-party audits.
- Changes made to the
goalCalcolumn in the Risksheet are written back to the linkedcybersecurityGoalwork item, creating an audit trail entry on that work item.