Skip to main content

Global Settings

SettingValueDescription
addAsSubmenutrueRisksheet appears as a submenu item in Polarion navigation, not a top-level entry.
cultureenLocalization setting. Affects date formats and locale-sensitive rendering.
reviewManagerCommentBasedUses Polarion comment-based review workflow. Reviewers annotate individual rows with comments.

Data Types

The Risksheet operates with two work item data types:
Data TypePolarion TypeLink RoleZoom ColumnDescription
risktaraRecordPrimary data type. Each Risksheet row IS a taraRecord work item.
taskriskControlmitigatestaskTitleTask data type. Risk controls are embedded as tasks within each TARA Record row.

Column Definitions

Threat Identification Columns

Column NameField BindingTypeWidthLevelDescription
StakeholderstakeholderitemLink2001Links to stakeholder work item from Risks/StakeholderCatalog via hasStakeholder link role.
CIAx PropertyciaxPropertyenum1102Security property threatened. Enum: taraRecord-ciaxProperty.
Damage ScenariodamageScenariorichText2503Free-text description of the damage resulting from the threat.
Threat ScenariothreatScenarioitemLink2004Links to threat scenario from Risks/ThreatScenarioCatalog via hasThreatScenario link role.
Threat PaththreatPathtext2005Free-text attack path description. collapseTo: true.

Attack Feasibility Columns

Column NameField BindingTypeWidthHeaderDescription
TIMEattackTimeenum100headFeasibilityElapsed time to complete attack. Enum: taraRecord-attackTime.
EXPattackExpertiseenum100headFeasibilityAttacker expertise level. Enum: taraRecord-attackExpertise.
KNOWattackKnowledgeenum110headFeasibilityKnowledge of target required. Enum: taraRecord-attackKnowledge.
WOOattackWooenum100headFeasibilityWindow of Opportunity. Enum: taraRecord-attackWoo.
EQPattackEquipmentenum110headFeasibilityEquipment required. Enum: taraRecord-attackEquipment.
FeasibilitytaraFeasibilityenum120headFeasibilityComputed feasibility rating. Enum: taraRecord-taraFeasibility. Read-only (formula-driven). CSS: .creadonly.

Risk Assessment Columns

Column NameField BindingTypeWidthHeaderDescription
ImpacttaraImpactenum110headRiskImpact severity rating. Enum: taraRecord-taraImpact.
VerdicttaraVerdictint100headRiskComputed risk verdict (1-5). Formula-driven. collapseTo: true. CSS: .creadonly.

Risk Treatment Columns

Column NameField BindingTypeWidthHeaderDescription
TreatmenttreatmentChoiceenum130headTreatmentTreatment strategy. Enum: taraRecord-treatmentChoice.
StatustreatmentStatusenum110headTreatmentTreatment implementation status. Enum: taraRecord-treatmentStatus.

Cybersecurity Goal Columns

Column NameField BindingTypeWidthHeaderDescription
GoalcybersecurityGoalitemLink150headGoalLinks to cybersecurityGoal via hasCybersecurityGoal link role. No document restriction.
CALcybersecurityGoal.calenum100headGoalCross-item binding to the linked goal’s CAL field. Enum: cybersecurityGoal-cal. Read-write.

Cybersecurity Claim Columns

Column NameField BindingTypeWidthHeaderDescription
ClaimstaraClaimsrichText180headClaimCybersecurity claims text. Required when treatment is retaining or sharing.

Controls Columns

Column NameField BindingTypeWidthHeaderDescription
TasktasktaskLink100headControlsLinks to riskControl work item via mitigates role.
Task TitletaskTitletextheadControlsDisplay title of linked risk control. minWidth used instead of fixed width. collapseTo: true.

Requirements and Verification Columns

Column NameField BindingTypeWidthHeaderDescription
RequirementsrequirementsserverRender150headReqVerifVelocity-rendered. Traverses: riskControl back-links to sysReq/desReq.
VerificationverificationserverRender150headReqVerifVelocity-rendered. Traverses: sysReq/desReq back-links to testCase.

Generated Columns

Column NameField BindingTypeWidthDescription
DescriptiondescriptionrichText200Auto-generated summary. Formula concatenates stakeholder, damage, threat, and path fields. Read-only.

Row Hierarchy (5 Levels)

LevelControl ColumnZoom ColumnSemantic
1stakeholderstakeholderStakeholder grouping
2ciaxPropertyciaxPropertySecurity property grouping
3damageScenariodamageScenarioDamage scenario grouping
4threatScenariothreatScenarioThreat scenario grouping
5systemItemIdthreatPathThreat path (leaf level)
The hierarchy enables analysts to collapse/expand the Risksheet at any level. The sortBy configuration matches this hierarchy order: stakeholder > ciaxProperty > damageScenario > threatScenario > threatPath. Level 5 uses systemItemId as the control column (system-level record identifier) rather than threatPath as the zoom column.

Query Factories

Factory NameLucene QueryUsed By
stakeholderQuerytype:stakeholderStakeholder column item picker
threatScenarioQuerytype:threatScenarioThreat Scenario column item picker
cybersecurityGoalQuerytype:cybersecurityGoalCybersecurity Goal column item picker
Query factories restrict item picker results to the correct work item type, preventing wrong-type items from being linked. The stakeholder and threat scenario pickers are additionally scoped to specific catalog documents (Risks/StakeholderCatalog and Risks/ThreatScenarioCatalog).

Column Group Color Theming

GroupCSS ClassSemantic Color
Threat IdentificationheadThreatPurple
Attack FeasibilityheadFeasibilityBlue
Risk AssessmentheadRiskRed/Pink
Risk TreatmentheadTreatmentGreen
Cybersecurity GoalheadGoalTeal
Cybersecurity ClaimheadClaimAmber
ControlsheadControlsBlue
Req & VerificationheadReqVerifPurple
First-row (.firstRow) and last-row (.lastRow) CSS selectors provide depth effect on column group headers. Column group header height is 42px; individual column header height is 52px.

Header Configuration

HeaderHeightRenderer
columnGroupHeader42pxStandard
columnHeader52pxStandard
rowHeaderrowHeaderVerdict decorator (colors row header by verdict score)