Values
| ID | Label | Sort Order | Description |
|---|---|---|---|
inherentSafetyDesign | Inherent Safety Design | 0 | Controls that eliminate or reduce hazards through fundamental design choices. Addresses the threat at the architectural level rather than adding protective layers. Preferred approach per ISO/SAE 21434 secure-by-design principles. |
protectiveMeasure | Protective Measure | 1 | Add-on safeguards, guards, or barriers that reduce the likelihood or impact of a threat without changing the fundamental design. Examples: firewalls, encryption, intrusion detection systems. |
informationForSafety | Information for Safety | 2 | Warnings, instructions, training materials, or procedural guidance that inform users or operators about residual risks. Last-resort control tier in the safety hierarchy. |
Safety Hierarchy
The three values follow the classic IEC/ISO safety control hierarchy, ordered from most to least effective:inherentSafetyDesign are preferred over protectiveMeasure, which in turn is preferred over informationForSafety.
Field Binding
| Property | Value |
|---|---|
| Field ID | riskControlType |
| Work Item Type | riskControl |
| Enum ID | riskControlType |
| Field Type | Enum (multi-select) |
riskControlType field allows multiple values. A single risk control work item can combine multiple types (e.g., both protectiveMeasure and informationForSafety).
Companion Enumeration: controlType
A separatecontrolType enum provides a simplified three-value classification on the same riskControl work item type:
| ID | Label | Sort Order |
|---|---|---|
design | Design | 0 |
protective | Protective | 1 |
information | Information | 2 |
controlType enum uses shorter labels and maps to the same hierarchy as riskControlType:
| controlType | riskControlType Equivalent |
|---|---|
design | inherentSafetyDesign |
protective | protectiveMeasure |
information | informationForSafety |
Lucene Queries
Risksheet Usage
Risk controls appear in the Risksheet via the task column, which links TARA Records toriskControl work items using the mitigates link role. The riskControlType field is not directly displayed as a Risksheet column but can be used in:
- PowerSheet column bindings for filtering or grouping risk controls by type
- Lucene queries in dashboard KPI cards to count controls by type
- Coverage analysis to verify that high-severity threats have design-level controls, not just informational ones
Related Enumerations
- Risk Treatment Choice — treatment strategy that triggers risk control creation (typically
reducingoravoiding) - Treatment Status — implementation progress of the treatment that includes this control
- Cybersecurity Assurance Levels (CAL) — higher CAL levels may require more rigorous control types
Configuration Notes
- No
otherorunclassifiedfallback value exists. All risk control work items should be assigned at least one of the three types. informationForSafetyalone is generally insufficient for high-severity threats per ISO/SAE 21434. It should be used in combination with design or protective controls for threats with verdict scores of 3 or higher.- The multi-select capability means a single control can be classified as both protective and informational (e.g., an intrusion detection system that also generates operator alerts).
- When documenting risk retention decisions, the absence of design-level controls should be explicitly justified in the
taraClaimsfield of the associated TARA Record.