Values
| ID | Label | Sort Order | Description |
|---|---|---|---|
confidentiality | Confidentiality | 0 | Information is not disclosed to unauthorized entities. Covers data exfiltration, eavesdropping, and information leakage scenarios. |
integrity | Integrity | 1 | Information has not been altered by unauthorized means. Covers tampering, replay, and data manipulation threats. |
availability | Availability | 2 | Timely and reliable access to information and functions. Covers denial-of-service and system disruption threats. |
authenticity | Authenticity | 3 | Information originates from a verified source. Covers spoofing and impersonation threats targeting message or data origin verification. |
authorization | Authorization | 4 | Only authorized entities can perform actions. Covers access control bypass and privilege escalation scenarios. |
nonRepudiation | Non-repudiation | 5 | An action or event cannot be denied afterward. Covers threats to audit trails and forensic evidence integrity. |
STRIDE Correspondence
The CIAx properties have an implicit correspondence with the STRIDE threat classification model:| CIAx Property | STRIDE Category |
|---|---|
authenticity | Spoofing |
integrity | Tampering |
nonRepudiation | Repudiation |
confidentiality | Information Disclosure |
availability | Denial of Service |
authorization | Elevation of Privilege |
Field Binding
| Property | Value |
|---|---|
| Field ID | ciaxProperty |
| Work Item Type | taraRecord |
| Enum ID | taraRecord-ciaxProperty |
| Field Type | Enum (single-select) |
ciaxProperty field is defined as a custom field on the TARA Record work item type. It appears in the Risksheet as a Level 2 hierarchy column, grouping TARA Records by the threatened security property under each stakeholder.
Risksheet Usage
In the Risksheet Configuration, theciaxProperty column serves as:
- Level 2 control column in the 5-level row hierarchy (Stakeholder > CIAx Property > Damage Scenario > Threat Scenario > Threat Path)
- Sort dimension in the default
sortByconfiguration, ordering rows by security property within each stakeholder group - Visible column in the following views:
1. Identify Threats2. Assess Feasibility3. Risk Assessment4. Risk Treatment
Related Enumerations
- TARA Impact Levels — severity of harm if the CIAx property is compromised
- TARA Feasibility Levels — likelihood the attack on this property succeeds
- Attack Feasibility Factor Enums — five sub-factors composing the feasibility rating
Configuration Notes
- The enumeration name uses the
ciaxPropertysuffix, where “x” denotes the extended properties beyond the standard CIA triad (Authenticity, Authorization, Non-repudiation). - Sort order places the three core CIA properties first (0-2), followed by the three extensions (3-5). This ordering affects display sequence in Polarion form dropdowns and Risksheet column pickers.
- In automotive cybersecurity per ISO/SAE 21434, availability threats often carry direct safety implications and may elevate impact scores. Integrity violations on safety-critical systems may similarly trigger higher risk verdicts.
- The field appears in the auto-generated description formula output as part of the structured risk record summary.