<!-- Source: https://melinasecurity.com/knowledge/faq/tara-granularity-single-ecu/  License: CC BY 4.0 with attribution to Melina Security  Last-updated: 2026-06-12 -->

# How granular does a TARA need to be — per-ECU, per-feature, or per-domain?

**slug:** `faq-tara-granularity-single-ecu` · **URL:** `/knowledge/faq/tara-granularity-single-ecu/` · **reviewer:** Tatiana

### Short answer

Granular enough that each asset has a stable owner, a defined trust boundary, and a small enough damage-scenario list that the assessor can defend each entry — typically 5-20 assets per ECU class, not hundreds.

### Why this question matters

TARA quality issues we see most often arrive in two flavors: too coarse (one asset called "infotainment system" with three damage scenarios) or too fine (every register, every shared-memory region, every interrupt becomes its own asset). The first hides material risk inside an aggregate. The second produces unmaintainable documentation that no one reviews after the project closes.

### How to set the granularity

A practical rule we use on engagements: one technical owner should be able to answer for each asset at a single engineering review. "The infotainment head unit" — owned by the infotainment team — is too coarse. "The 32-bit register at address 0xC0001234" — owned by no one specific — is too fine. "The OEM-personalized over-the-air update keys stored in the secure element of the telematics control unit" — owned by the TCU/security team — is the granularity that works.

For ISO/SAE 21434 implementation, asset granularity should follow the architectural decomposition the team already uses for functional safety (where applicable) and the cybersecurity-interface agreements between the OEM and supplier. Inheriting that decomposition means the TARA stays aligned with the rest of the engineering documentation and survives team transitions.

### What we recommend in practice

For Tier-1 suppliers preparing for an OEM cybersecurity assessment, use 8-15 assets per ECU as the working starting point, with damage scenarios derived directly from the cybersecurity goals in the cybersecurity-interface agreement. Adjust upward where the ECU integrates multiple distinct trust domains (e.g., a TCU that handles both safety-relevant CAN traffic and tenant cellular connectivity).
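
As an added example (not Melina Security's tooling), the sketch below lints an asset register against the criteria on this page: an owner and a trust boundary for every asset, and the typical 5-20 assets per ECU class. The record fields, the `MAX_SCENARIOS` cap and the `multi_domain_ecus` exemption set are assumptions made for illustration, and the sample register is constructed.

```python
from collections import defaultdict

MIN_ASSETS, MAX_ASSETS = 5, 20  # typical per-ECU-class range from the short answer
MAX_SCENARIOS = 6  # assumption, not from the page: scenarios an assessor can defend per asset

def lint_register(assets, multi_domain_ecus=frozenset()):
    """Return sorted (ecu, asset, finding) tuples; asset is '*' for ECU-level findings."""
    findings, per_ecu = [], defaultdict(list)
    for a in assets:
        per_ecu[a["ecu"]].append(a)
        if not a.get("owner"):
            findings.append((a["ecu"], a["name"], "no-owner"))
        if not a.get("trust_boundary"):
            findings.append((a["ecu"], a["name"], "no-trust-boundary"))
        n = len(a.get("damage_scenarios", ()))
        if n == 0:
            findings.append((a["ecu"], a["name"], "no-damage-scenarios"))
        elif n > MAX_SCENARIOS:
            findings.append((a["ecu"], a["name"], "too-many-damage-scenarios"))
    for ecu, items in per_ecu.items():
        if len(items) < MIN_ASSETS:
            findings.append((ecu, "*", "too-coarse"))
        # ECUs spanning several trust domains may legitimately exceed the range.
        elif len(items) > MAX_ASSETS and ecu not in multi_domain_ecus:
            findings.append((ecu, "*", "too-fine"))
    return sorted(findings)

def asset(ecu, name, owner="", boundary="", scenarios=()):
    """Build one register record (hypothetical schema)."""
    return {"ecu": ecu, "name": name, "owner": owner,
            "trust_boundary": boundary, "damage_scenarios": list(scenarios)}

# Constructed sample register (illustrative names, not from a real TARA).
SAMPLE = (
    [asset("IVI", "infotainment system", "infotainment team", "vehicle network",
           ["DS-1", "DS-2", "DS-3"])]
    + [asset("TCU", f"tcu-asset-{i}", "TCU/security team", "secure element", ["DS-1"])
       for i in range(8)]
    + [asset("GW", f"register-{i:#x}", scenarios=["DS-1"]) for i in range(25)]
)

if __name__ == "__main__":
    for row in lint_register(SAMPLE):
        print(*row, sep="\t")
```
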

### Related

- [What is TARA?](/knowledge/glossary/tara/)
- [TARA before ECU pentest — when does each happen?](/knowledge/faq/tara-before-ecu-pentest/)
- [What is ISO/SAE 21434?](/knowledge/glossary/iso-sae-21434/)

---

