Skip to content
Melina Security

FAQ

How granular does a TARA need to be — per-ECU, per-feature, or per-domain?

Granular enough that each asset has a stable owner, a defined trust boundary, and a small enough damage-scenario list that the assessor can defend each entry — typically 5-20 assets per ECU class, not hundreds.

Short answer

Granular enough that each asset has a stable owner, a defined trust boundary, and a small enough damage-scenario list that the assessor can defend each entry — typically 5-20 assets per ECU class, not hundreds.

Why this question matters

TARA quality issues we see most often arrive in two flavors: too coarse (one asset called "infotainment system" with three damage scenarios) or too fine (every register, every shared-memory region, every interrupt becomes its own asset). The first hides material risk inside an aggregate. The second produces unmaintainable documentation that no one reviews after the project closes.

How to set the granularity

A practical rule we use on engagements: each asset should be answerable for, at one engineering review, by one technical owner. "The infotainment head unit" — owned by the infotainment team — is too coarse. "The 32-bit register at address 0xC0001234" — owned by no one specific — is too fine. "The OEM-personalized over-the-air update keys stored in the secure element of the telematics control unit" — owned by the TCU/security team — is the granularity that works.

For ISO/SAE 21434 implementation, asset granularity should follow the architectural decomposition the team already uses for functional safety (where applicable) and the cybersecurity-interface agreements between the OEM and supplier. Inheriting that decomposition means the TARA stays aligned with the rest of the engineering documentation and survives team transitions.

What we recommend in practice

For Tier-1 suppliers preparing for OEM cybersecurity assessment: 8-15 assets per ECU as the working starting point, with damage scenarios derived directly from the cybersecurity goals in the cybersecurity-interface agreement. Adjust upward where the ECU integrates multiple distinct trust domains (e.g., a TCU that runs both safety-relevant CAN traffic and tenant cellular connectivity).

Related

- What is TARA? - TARA before ECU pentest — when does each happen? - What is ISO/SAE 21434?

---