Skip to main content
Source: .polarion/tracker/fields/taraRecord-taraFeasibility-enum.xml

Enum Values

Enum IDLabelScore RangeSort OrderDescription
highHigh0 - 130Attack is feasible with low effort. Easiest attacks. Most severe feasibility rating.
mediumMedium14 - 191Attack is feasible with moderate effort.
lowLow20 - 242Attack requires significant effort.
veryLowVery Low25+3Attack requires exceptional effort. Hardest attacks. Most favorable from a security standpoint.
“High” feasibility means the attack is easy to execute, not that security is high. Higher feasibility = higher risk. This is a common point of confusion — the rating measures attack potential, not defense strength.

Score Aggregation

The feasibilityFormula in the Risksheet computes the aggregate score by summing five factor values:
aggregate = attackTime + attackExpertise + attackKnowledge + attackWoo + attackEquipment

Factor Score Ranges

FactorField IDMin ScoreMax Score
Elapsed TimeattackTime0 (lte1d)19 (gt6mo)
Specialist ExpertiseattackExpertise0 (layman)8 (multipleExperts)
Knowledge of ItemattackKnowledge0 (public)11 (strictlyConfidential)
Window of OpportunityattackWoo0 (unlimited)10 (difficult)
EquipmentattackEquipment0 (standard)9 (multBespoke)
Total Range057

Threshold Boundaries

Score:  0 -------- 13 | 14 ------- 19 | 20 ------- 24 | 25 -------- 57
Level:     HIGH        |    MEDIUM     |      LOW       |    VERY LOW
  • 0-13 (High): Minimal effort required. Standard tools, public knowledge, short time.
  • 14-19 (Medium): Moderate barriers. Some specialized knowledge or tools needed.
  • 20-24 (Low): Significant barriers. Expert knowledge, restricted information, specialized equipment.
  • 25+ (Very Low): Exceptional effort. Nation-state resources, multiple experts, bespoke equipment, extended timeframes.

Risksheet Integration

PropertyValue
Field IDtaraFeasibility
Column HeaderFeasibility
Column GroupRisk Assessment (red: #F8EBE8)
Risksheet Level5 (Threat Path level)
FormulafeasibilityFormula (auto-computed from five factors)
Cell DecoratorfeasibilityDecorator
Read-Only in Columnfalse (can be overridden manually)
Views2. Assess Feasibility, 3. Risk Assessment, 4. Risk Treatment, Overview
Read-Only in FormYes (editable only in Risksheet)

Feasibility Decorator Styling

The feasibilityDecorator applies CSS classes based on the computed level:
Feasibility LevelCSS StyleVisual
HighHigh (red)Red background
MediumMedium (amber)Amber background
LowLow (green)Green background
Very LowVery Low (green)Green background

Risk Verdict Matrix

Feasibility is the column axis in the verdict formula. Combined with TARA Impact, it produces the risk verdict (1-5):
Impact \ FeasibilityVery LowLowMediumHigh
Severe3455
Major2345
Moderate1234
Negligible1111

Minimum CAL Mapping

The risk verdict derived from feasibility and impact determines the minimum required Cybersecurity Assurance Level (CAL):
VerdictMinimum CAL
5 (Critical)CAL 4
4 (High)CAL 3
3 (Medium)CAL 2
1-2 (Low/Negligible)CAL 1

Scoring Examples

High Feasibility Example

FactorSelectionScore
TIME<= 1 day0
EXPLayman0
KNOWPublic0
WOOUnlimited0
EQPStandard0
Total0
ResultHigh
Remote attack using publicly known vulnerability, standard tools, no expertise needed.

Very Low Feasibility Example

FactorSelectionScore
TIME> 6 months19
EXPMultiple Experts8
KNOWStrictly Confidential11
WOODifficult10
EQPMultiple Bespoke9
Total57
ResultVery Low
Attack requires nation-state resources, multiple expert teams, custom hardware, and extended physical access.