Formulas
feasibilityFormula
Computes the overall attack feasibility rating from five EVITA attack factor inputs.| Property | Value |
|---|---|
| Output Field | taraFeasibility |
| Input Fields | attackTime, attackExpertise, attackKnowledge, attackWoo, attackEquipment |
| Output Type | Enum value from taraRecord-taraFeasibility |
| Null Behavior | Returns null when any input factor is missing |
- Map each attack factor enum value to a numeric score
- Sum all five numeric scores
- Classify the aggregate score into a feasibility level
| Aggregate Score | Feasibility Level | Enum ID |
|---|---|---|
| 0 — 13 | High | high |
| 14 | Medium | medium |
| 15 — 19 | Low | low |
| 20+ | Very Low | veryLow |
attackTime):
| Enum ID | Label | Score |
|---|---|---|
lte1d | <= 1 day | 0 |
lte1w | <= 1 week | 1 |
lte1mo | <= 1 month | 4 |
lte6mo | <= 6 months | 10 |
gt6mo | > 6 months | 19 |
attackExpertise):
| Enum ID | Label | Score |
|---|---|---|
layman | Layman | 0 |
proficient | Proficient | 3 |
expert | Expert | 6 |
multipleExperts | Multiple Experts | 8 |
attackKnowledge):
| Enum ID | Label | Score |
|---|---|---|
public | Public | 0 |
restricted | Restricted | 3 |
confidential | Confidential | 7 |
strictlyConfidential | Strictly Confidential | 11 |
attackWoo):
| Enum ID | Label | Score |
|---|---|---|
unlimited | Unlimited | 0 |
easy | Easy | 1 |
moderate | Moderate | 4 |
difficult | Difficult | 10 |
attackEquipment):
| Enum ID | Label | Score |
|---|---|---|
standard | Standard | 0 |
specialized | Specialized | 4 |
bespoke | Bespoke | 7 |
multBespoke | Multiple Bespoke | 9 |
high feasibility level (score 0-13) represents attacks achievable with minimal resources. The veryLow level (score 20+) represents attacks requiring exceptional effort across multiple dimensions.
verdictFormula
Computes the risk verdict score from the 4x4 impact-feasibility matrix.| Property | Value |
|---|---|
| Output Field | taraVerdict |
| Input Fields | taraImpact, taraFeasibility |
| Output Type | Integer (1-5) |
| Null Behavior | Returns null when either input is missing |
| High | Medium | Low | Very Low | |
|---|---|---|---|---|
| Severe | 5 | 4 | 3 | 2 |
| Major | 4 | 3 | 2 | 1 |
| Moderate | 3 | 2 | 1 | 1 |
| Negligible | 1 | 1 | 1 | 1 |
| Verdict | Risk Level | Color | Minimum CAL |
|---|---|---|---|
| 1 | Acceptable | Green | CAL 1 |
| 2 | Low | Light Green | CAL 1 |
| 3 | Medium | Amber | CAL 2 |
| 4 | High | Orange | CAL 3 |
| 5 | Critical | Red | CAL 4 |
- Negligible impact always yields verdict 1 regardless of feasibility.
- Verdict 5 (critical) only occurs with Severe impact combined with High feasibility.
- The verdict drives the minimum CAL requirement enforced by the
calDecorator.
description formula
Auto-generates a structured plain-text summary for each TARA Record.| Property | Value |
|---|---|
| Output Field | description |
| Input Fields | stakeholder_title, damageScenario, threatScenario_title, threatPath |
| Output Type | String |
_title suffix variants to resolve linked item display names. The description field is enforced as read-only by taraRecord-read-only-fields.xml.
Cell Decorators
feasibilityDecorator
Applied to the Feasibility column. Color-codes by feasibility level.| Field Value | CSS Class | Color | Semantic |
|---|---|---|---|
veryLow | .feasVeryLow | Green | Low threat |
low | .feasLow | Green | Low threat |
medium | .feasMedium | Amber | Moderate threat |
high | .feasHigh | Red | High threat |
veryLow and low share the same green styling, emphasizing only medium and high as actionable levels.
impactDecorator
Applied to the Impact column. Color-codes by impact severity.| Field Value | CSS Class | Color | Semantic |
|---|---|---|---|
negligible | .impactNegligible | Light Green | Minimal harm |
moderate | .impactModerate | Amber | Moderate harm |
major | .impactMajor | Orange | Serious harm |
severe | .impactSevere | Light Red | Life-threatening harm |
verdictDecorator
Applied to the Verdict column. Provides a 5-point color gradient with bold emphasis.| Field Value | CSS Class | Color | Semantic |
|---|---|---|---|
| 1 | .verdict1 | Green | Acceptable risk |
| 2 | .verdict2 | Light Green | Low risk |
| 3 | .verdict3 | Amber | Medium risk |
| 4 | .verdict4 | Orange | High risk |
| 5 | .verdict5 | Red | Critical risk |
.boldCol class for visual emphasis. The decorator handles both integer (val === 1) and string (val === '1') verdict values.
rowHeaderVerdict
Applied to the row header (left-side row number cell). Colors the entire row header based on thetaraVerdict value, matching the verdict color scale.
| Property | Value |
|---|---|
| Configuration Path | headers.rowHeader.renderer |
| Input Field | taraVerdict |
| Behavior | Row-level risk coloring visible even when Verdict column is hidden |
goalHighlight
Applied to the Cybersecurity Goal column. Validates that risk reduction/avoidance treatments have a linked goal.| Condition | Style | Display |
|---|---|---|
treatmentChoice is reducing or avoiding AND cybersecurityGoal is empty | .treatmentMissing (orange outline) | “Goal required” hint text via .missing-hint |
| Otherwise | No decoration | Standard display |
claimHighlight
Applied to the Claims column. Validates that risk retention/sharing treatments have written justification.| Condition | Style | Display |
|---|---|---|
treatmentChoice is retaining or sharing AND taraClaims is empty | .treatmentMissing (orange outline) | “Claim required” hint text via .missing-hint |
| Otherwise | No decoration | Standard display |
goalHighlight and claimHighlight ensure every treatment decision has either a goal link or a written claim, covering all four treatment choices.
calDecorator
Applied to the CAL column. Provides color coding and minimum-CAL validation.| Function | Input | Behavior |
|---|---|---|
| Color coding | goalCal value | Applies .cal1 through .cal4 pastel color classes |
| Mismatch detection | goalCal + taraVerdict | Compares assigned CAL against minimum required by verdict |
| Verdict | Minimum CAL | Mismatch Style |
|---|---|---|
| 1 or 2 | CAL 1 | .calMismatch + “min CAL 1” |
| 3 | CAL 2 | .calMismatch + “min CAL 2” |
| 4 | CAL 3 | .calMismatch + “min CAL 3” |
| 5 | CAL 4 | .calMismatch + “min CAL 4” |
CSS Classes Reference
Column-Level Classes
| CSS Class | Applied To | Effect |
|---|---|---|
.creadonly | taraFeasibility, taraVerdict, description | Background: whitesmoke. Indicates formula-driven read-only columns. |
.boldCol | taraVerdict | Bold text for verdict emphasis. |
Status Color Classes
| CSS Class | Hex Color | Used By |
|---|---|---|
.feasVeryLow | Green | feasibilityDecorator |
.feasLow | Green | feasibilityDecorator |
.feasMedium | Amber | feasibilityDecorator |
.feasHigh | Red | feasibilityDecorator |
.impactNegligible | Light Green | impactDecorator |
.impactModerate | Amber | impactDecorator |
.impactMajor | Orange | impactDecorator |
.impactSevere | Light Red | impactDecorator |
.verdict1 — .verdict5 | Green to Red | verdictDecorator |
.cal1 — .cal4 | Pastel range | calDecorator |
.calMismatch | Red badge | calDecorator |
.treatmentMissing | Orange outline | goalHighlight, claimHighlight |
.missing-hint | Hint text overlay | goalHighlight, claimHighlight |
Related Pages
- Risksheet Configuration Reference — column definitions, hierarchy, query factories
- Risksheet Views Reference — view definitions and column visibility per phase
- Attack Feasibility Factor Enums — enum values for the five attack factors
- TARA Feasibility Levels — output enum of the feasibility formula
- TARA Impact Levels — input enum for the verdict formula
- Cybersecurity Assurance Levels (CAL) — CAL validation target
- Risk Treatment Choice — treatment validation input
- Attack Feasibility Scoring (EVITA) — conceptual explanation of the scoring methodology