<xsd:complexType name="POAMType"><xsd:all><xsd:element ref="boe:AssessmentDate"/><xsd:element ref="boe:Deficiency"/><xsd:element ref="boe:IdentifyingEvent" minOccurs="0"/><xsd:element ref="boe:ApplicableSecurityControl" minOccurs="0"/><xsd:element ref="boe:Milestones" minOccurs="0"/><xsd:element ref="boe:Comments" minOccurs="0"><xsd:annotation><xsd:documentation><p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">In a POA&M, this is used for additional detail or clarifications; must be used if there is a delay. The comments should identify obstacles and challenges to resolving the weakness not related to funding (e.g., lack of personnel or expertise or developing new system to replace legacy system)</p><p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #5, NIST SP 800-37</p></xsd:documentation></xsd:annotation></xsd:element><xsd:element ref="boe:ScheduledCompletionDate" minOccurs="0"><xsd:annotation><xsd:documentation><p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A realistic estimate of the date when the corrective action will be implemented/tested. This date should not be changed. Actual completion date should be placed in the Status field</p><p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #6, NIST SP 800-37</p></xsd:documentation></xsd:annotation></xsd:element><xsd:element ref="boe:CompletionStatus"><xsd:annotation><xsd:documentation><p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Indicates the stage or state of the POA&M in the corrective process cycle (Completed, Ongoing, Delayed, or Planned). The Completed status should be used only when the POA&M has been fully resolved and the corrective action has been tested. When listing items as ?Completed,? also include the date of completion in this column</p><p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #9, NIST SP 800-37</p></xsd:documentation></xsd:annotation></xsd:element><xsd:element ref="boe:CompletionDate" minOccurs="0"><xsd:annotation><xsd:documentation><p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The date the POA&M was actually completed. Only fill in if ComplitionStatus is "COMPLETE"</p><p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #9, NIST SP 800-37</p></xsd:documentation></xsd:annotation></xsd:element><xsd:element ref="boe:PointOfContact"><xsd:annotation><xsd:documentation><p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Organization or title of the position within the organization who is responsible for the mitigation of the weakness.</p><p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #10, NIST SP 800-37</p></xsd:documentation></xsd:annotation></xsd:element></xsd:all></xsd:complexType>
Schema location
BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details.
Click Here