You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

A Cybersecurity Requirement Diagram displays cybersecurity goals, cybersecurity requirements, and their relations. The main purpose of this diagram is to create requirements that cover the goals defined in TARA. 

Deriving Cybersecurity Requirements

Cybersecurity Requirements are derived from Cybersecurity Goals defined in a TARA table. You can use the Cybersecurity  Requirement Diagram to derive four types of Cybersecurity Requirements: Functional, Technical, Software, and Hardware.

To derive a Cybersecurity Requirement


  1. From the Index page, open the Functional Cybersecurity Concept.
  2. Find the Cybersecurity Goal you want to derive the Cybersecurity Requirement from and drag it to the diagram.
  3. Create the Cybersecurity Requirement you want to derive by clicking it in the diagram palette and clicking an empty space on the diagram pane.
  4. Name the created Cybersecurity Requirement and write the required text.
  5. Create a derived relationship from the Cybersecurity Requirement to the Safety Goal as displayed below.

Creating a Cybersecurity Goal

To create a Cybersecurity Goal


  1. In the Containment tree, right-click Functional Cybersecurity Concept and select Create Element.



  2. Do one of the following:
    • In the dialog, expand ISO 21434 and select Cybersecurity Goal.



    • In the search tab, type the keyword goals and then select Cybersecurity Goal.



  3. Name the created Cybersecurity Goal in the Containment tree. The cybersecurity goal has the prefix CG, which denotes that the created element is cybersecurity goals; the number 1 indicates that it is the first cybersecurity goal created.

You can also create a Cybersecurity Goal in the Cybersecurity Goal Table or by using the diagram panel.

Creating a Cybersecurity Requirement

To create a Cybersecurity Requirement


  1. In the Containment tree, right-click Functional Cybersecurity Concept and select Create Element.



  2. Do one of the following:
    • In the dialog, expand ISO 21434. From the drop-down list, choose one of the following:

      • Functional Cybersecurity Requirement
      • Hardware Cybersecurity Requirement 
      • Software Cybersecurity Requirement
      • Technical Cybersecurity Requirement



    • In the search tab, type the keyword goals and then select the required Cybersecurity Requirement.



  3. Name the created Cybersecurity Requirement in the Containment tree.

You can also create a cybersecurity requirement in the cybersecurity requirement tables.

Cybersecurity Assurance Level

The Cybersecurity Assurance Level (CAL) classification scheme is used to specify a set of assurance requirements for components/items in terms of levels of rigor.  These levels of rigor provide confidence that assets of an item are developed with adequate protection. A CAL value is specified on a Cybersecurity Goal and is inherited by all derived requirements.  This value specifies the amount of rigor required to address relevant threat scenarios during product development. By default, there are four CAL levels CAL1 to CAL4 representing Low to High Cybersecurity assurance.

To assign a Cybersecurity Assurance Level


  1. In the Containment tree, double- click the Cybersecurity Assurance dependency matrix.



  2. In the Cybersecurity Assurance dependency matrix, double click the designated cell in the desired cybersecurity goal's row and the CAL value's column.

    You can modify the dependency matrix based on your requirements. To learn more about modifying dependency matrix, refer to Using Dependency Matrix.



You can also create custom CAL values and assign the custom created CAL value to any cybersecurity goal.

To create custom CAL value and assign it to the cybersecurity goal


  1. In the Containment tree, right-click the desired packageselect Create Element and select Class.
  2. Assign CybersecurityAssuraneLevel [Class] stereotype to the created element.



  3. Assign AbstractCybersecurityAssuranceLevel as Base Classifier to the created element.



  4. Drag and drop the package containing the custom CAL value onto the column scope.



  5. Double-click the designated cell in the cybersecurity goal's row and custom CAL value's column.

Functional Cybersecurity Concept Table

The Functional Cybersecurity Concept Table provides an overview of goals & requirements to be implemented to secure assets.