Identifies a vulnerability which could be exploited by threat sources and the predisposing
conditions which could increase the likelihood of undesirable consequences and/or
adverse impacts
Source: CNSSI-1254 appendix C RAR Data elements #12, NIST SP 800-30
This attribute is only a placeholder so that all the ISM attributes are not shown
in the schemaGuide for every element. If you refer to the documentation of the
attribute group it will say what attributes should be here.
A number used to track and correlate vulnerabilities that are ongoing within the organization.
The numbering schema for the vulnerability identifier is organizationally defined
and is organizationally derived
Source: CNSSI-1254 appendix C SAR, RAR, and POA&M Data elements #2, NIST SP 800-37
Identifies the severity of vulnerabilities or the pervasiveness of the predisposing
conditions as very low, low, moderate, high, very high
Source: CNSSI-1254 appendix C RAR Data elements #13, NIST SP 800-30
Source
<xsd:element name="Vulnerability" type="boe:VulnerabilityType"><xsd:annotation><xsd:documentation><p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Identifies a vulnerability which could be exploited by threat sources and the predisposing conditions which could increase the likelihood of undesirable consequences and/or adverse impacts</p><p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C RAR Data elements #12, NIST SP 800-30</p></xsd:documentation></xsd:annotation></xsd:element>
Schema location
BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details.
Click Here