OMG Task Force

Risk Analysis and Assessment Modeling Language (RAAML) 1.2 RTF — All Issues

Key: RAAML12
Issues Count: 14

Issues Summary

Key	Issue	Reported	Status
RAAML12-22	Add stereotype for Vulnerability	RAAML 1.1	open
RAAML12-23	Add stereotype for Weakness	RAAML 1.1	open
RAAML12-14	Weakness is not stereotyped as Weakness, and is not marked as Abstract and must be made abstract for consistency	RAAML 1.1	open
RAAML12-15	Vulnerability is not currently stereotyped as Vulnerability, and is not marked as Abstract,	RAAML 1.1	open
RAAML12-11	ProcessModelFlaw is not marked as Abstract and the name needs to be changed	RAAML 1.1	open
RAAML12-18	Add ProcessModel and ControlAlgorithm stereotypes to STPA Profile	RAAML 1.1	open
RAAML12-17	Threat should also be a subtype of Limitation-Factor	RAAML 1.1	open
RAAML12-16	Threat is not stereotyped as Threat, and must be stereotyped for consistency	RAAML 1.1	open
RAAML12-13	ProcessModelFlaw is not marked as Abstract and the name needs to be changed	RAAML 1.1	open
RAAML12-9	Revise .xmi files to represent addition of FHA method	RAAML 1.1b1	open
RAAML12-7	Add example for usage of RAAML for security	RAAML 1.1b1	open
RAAML12-5	Add FHA section to Examples document	RAAML 1.1b1	open
RAAML12-2	Add Functional Hazard Assessment (FHA) method to RAAML	RAAML 1.1b1	open
RAAML12-1	ARP 4751 doesn't exist	RAAML 1.1b1	open

Issues Descriptions

Add stereotype for Vulnerability

Key: RAAML12-22
Status: open
Source: Ford Motor Company ( Mr. Kyle Post)
Summary:
The Vulnerability element is stereotyped by a generic <<Situation>> stereotype and there is no dedicated <<Vulnerability>> stereotype. To resolve this add a stereotype for Vulnerability. This change should help ensure consistency with Factors and Limitations in the STPA Loss Scenario
Reported: RAAML 1.1 — Mon, 13 Apr 2026 12:51 GMT
Updated: Mon, 13 Apr 2026 13:03 GMT

Add stereotype for Weakness

Key: RAAML12-23
Status: open
Source: Ford Motor Company ( Mr. Kyle Post)
Summary:
The Weakness element is stereotyped by a generic <<Situation>> stereotype and there is no dedicated <<Weakness>> stereotype. To resolve this, the ticket calls for adding a stereotype for Weakness. This change should help ensure consistency with Factors and Limitations in the STPA Loss Scenario.
Reported: RAAML 1.1 — Mon, 13 Apr 2026 12:58 GMT
Updated: Mon, 13 Apr 2026 13:02 GMT

Weakness is not stereotyped as Weakness, and is not marked as Abstract and must be made abstract for consistency

Key: RAAML12-14
Status: open Implementation work Blocked
Source: MITRE ( Ms. Mary Tolbert)
Summary:
The issue is that Weakness is not currently stereotyped as Weakness, and is not marked as Abstract, which puts it out of alignment with the other RAAML library elements. To resolve this, the ticket calls for stereotyping it as Weakness and marking it as abstract. This change should help ensure consistency with Factors and Limitations in the STPA Loss Scenario.
Reported: RAAML 1.1 — Tue, 24 Mar 2026 13:52 GMT
Updated: Mon, 13 Apr 2026 12:58 GMT

Vulnerability is not currently stereotyped as Vulnerability, and is not marked as Abstract,

Key: RAAML12-15
Status: open Implementation work Blocked
Source: MITRE ( Ms. Mary Tolbert)
Summary:
The issue is that Vulnerability is not currently stereotyped as Vulnerability, and is not marked as Abstract, which puts it out of alignment with the other RAAML library elements. To resolve this, the ticket calls for stereotyping it as Vulnerability and marking it as abstract. This change should help ensure consistency with Factors and Limitations in the STPA Loss Scenario
Reported: RAAML 1.1 — Tue, 24 Mar 2026 13:54 GMT
Updated: Mon, 13 Apr 2026 12:51 GMT

ProcessModelFlaw is not marked as Abstract and the name needs to be changed

Key: RAAML12-11
Status: open
Source: Ford Motor Company ( Mr. Kyle Post)
Summary:
ProcessModelFlaw is not marked as Abstract. It must be abstract consistent with the other RAAML library elements. In addition the name ProcessModelFlaw is causing confusion and should be called ControlFlaw to be consistent with the Undesired Control Action and Control Structure.
Reported: RAAML 1.1 — Mon, 23 Mar 2026 14:20 GMT
Updated: Mon, 13 Apr 2026 12:10 GMT

Add ProcessModel and ControlAlgorithm stereotypes to STPA Profile

Key: RAAML12-18
Status: open Implementation work Blocked
Source: MITRE ( Ms. Mary Tolbert)
Summary:
The issue is that ProcessModel and ControlAlgorithm are not currently stereotypes in the STPA profile, but is required to accurately model a STPA Control Structure.
Reported: RAAML 1.1 — Tue, 24 Mar 2026 15:52 GMT
Updated: Wed, 8 Apr 2026 15:36 GMT

Threat should also be a subtype of Limitation-Factor

Key: RAAML12-17
Status: open Implementation work Blocked
Source: MITRE ( Ms. Mary Tolbert)
Summary:
The issue is that Threat is not currently considered as a Limitation-Factor, which is necessary in creating STPA Loss Scenarios. To resolve this, the ticket calls for making Threat a subtype of Limitation.
Reported: RAAML 1.1 — Tue, 24 Mar 2026 14:02 GMT
Updated: Wed, 8 Apr 2026 15:35 GMT

Threat is not stereotyped as Threat, and must be stereotyped for consistency

Key: RAAML12-16
Status: open Implementation work Blocked
Source: MITRE ( Ms. Mary Tolbert)
Summary:
The issue is that Threat is not currently stereotyped as Threat, which puts it out of alignment with the other RAAML profile elements. To resolve this, the ticket calls for stereotyping it as Threat.
Reported: RAAML 1.1 — Tue, 24 Mar 2026 13:58 GMT
Updated: Wed, 8 Apr 2026 15:35 GMT

ProcessModelFlaw is not marked as Abstract and the name needs to be changed

Key: RAAML12-13
Status: open
Source: Ford Motor Company ( Mr. Kyle Post)
Summary:
ProcessModelFlaw is not marked as Abstract. It must be abstract consistent with the other RAAML library elements. In addition the name ProcessModelFlaw is causing confusion and should be called ControlFlaw to be consistent with the Undesired Control Action and Control Structure.
Reported: RAAML 1.1 — Mon, 23 Mar 2026 13:42 GMT
Updated: Wed, 8 Apr 2026 15:32 GMT

Revise .xmi files to represent addition of FHA method

Key: RAAML12-9
Status: open
Source: Ford Motor Company ( Mr. Kyle Post)
Summary:
Revise the associated RAAML .xmi files to represent the changes made in the specification to add the new FHA method
Reported: RAAML 1.1b1 — Fri, 30 Jan 2026 21:27 GMT
Updated: Wed, 11 Feb 2026 00:23 GMT
Attachments:
- RAAML_v12_XMIsChangedByFHAAccept.zip 31 kB (application/zip)

Add example for usage of RAAML for security

Key: RAAML12-7
Status: open
Source: Ford Motor Company ( Mr. Kyle Post)
Summary:
Add an example for how the elements relevant to security can be modeled by the end user for a security analysis.
Reported: RAAML 1.1b1 — Mon, 8 Dec 2025 17:34 GMT
Updated: Wed, 11 Feb 2026 00:23 GMT
Attachments:
- OMG RAAML Examples 1.1 changebars SysML4Sec.docx 6.20 MB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)

Add FHA section to Examples document

Key: RAAML12-5
Status: open
Source: Boeing ( Mr. David Duran)
Summary:
RAAML contains the ISO 26262 method to support the analysis and requirement specification aspects of Functional Safety. However, ISO 26262 focuses on the automotive industry. To also cover the aerospace sector, the Functional Hazard Assessment (FHA) method according to ARP 4761A should be brought as a method to RAAML and should be properly linked to Core, General, FMEA and ISO 26262 packages.

The examples document should reflect this change.
Reported: RAAML 1.1b1 — Tue, 21 Oct 2025 21:48 GMT
Updated: Wed, 11 Feb 2026 00:23 GMT
Attachments:
- FHATable.png 126 kB (image/png)
- FailureConditionMatrix.png 53 kB (image/png)
- FailureConditionTable.png 43 kB (image/png)
- FailureEffectAssessments.png 105 kB (image/png)
- FunctionalDecomposition1.png 44 kB (image/png)
- FunctionalDecomposition2.png 15 kB (image/png)
- FunctionalDecomposition3.png 10 kB (image/png)
- FunctionalFailureBDD.png 47 kB (image/png)
- FunctionalFailureTable.png 41 kB (image/png)
- OMG RAAML Examples 1.1.docx 2.72 MB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- OMG RAAML Examples 1.1_wFHA_2.docx 3.38 MB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- RelationMap.png 42 kB (image/png)
- S18AFHATable.png 149 kB (image/png)

Add Functional Hazard Assessment (FHA) method to RAAML

Key: RAAML12-2
Status: open
Source: Ford Motor Company ( Mr. Kyle Post)
Summary:
RAAML contains the ISO 26262 method to support the analysis and requirement specification aspects of Functional Safety. However, ISO 26262 focuses on the automotive industry. To also cover the aerospace sector, the Functional Hazard Assessment (FHA) method according to ARP 4761A should be brought as a method to RAAML and should be properly linked to Core, General, FMEA and ISO 26262 packages.
Reported: RAAML 1.1b1 — Wed, 26 Mar 2025 13:49 GMT
Updated: Wed, 11 Feb 2026 00:23 GMT
Attachments:
- Assumption.png 3 kB (image/png)
- DevelopmentAssuranceLevel.png 7 kB (image/png)
- EnvironmentalCondition.png 18 kB (image/png)
- ExternalEvent.png 24 kB (image/png)
- FDAL.png 2 kB (image/png)
- FHA.png 70 kB (image/png)
- FailureCondition.png 22 kB (image/png)
- FailureEffectAssessment.png 45 kB (image/png)
- FlightPhase.png 14 kB (image/png)
- FunctionalFailure.png 48 kB (image/png)
- FunctionalFailure_profile.png 18 kB (image/png)
- General.png 62 kB (image/png)
- General_profile.png 87 kB (image/png)
- HarmRealization.png 17 kB (image/png)
- IDAL.png 2 kB (image/png)
- OMG RAAML 1.1_wFHA_2.docx 3.53 MB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- OperationalCondition.png 25 kB (image/png)
- OperationalEvent.png 20 kB (image/png)
- STPA.png 136 kB (image/png)

ARP 4751 doesn't exist

Key: RAAML12-1
Status: open
Source: RTX ( Mr. Andrew Muxen)
Summary:
I suspect that this is a typo. I don't think that ARP4751 exists BUT ARP4761 exists. Review and make sure we are referencing the correct standard.
Reported: RAAML 1.1b1 — Wed, 16 Oct 2024 14:38 GMT
Updated: Wed, 11 Feb 2026 00:23 GMT