For individual entries in the RAR, indicates the
residual risk level expected after mitigations are implemented (as described in the
POA&M). Identifies
the risk level as one of the following: very low, low, moderate, high, and very high)
Source: CNSSI-1254 appendix C RAR Data elements #18, NIST SP 800-30
This attribute is only a placeholder so that all the ISM attributes are not shown
in the schemaGuide for every element. If you refer to the documentation of the
attribute group it will say what attributes should be here.
Describe the overall level of risk
(e.g., very low, low, moderate, high, or very high) to the system, considering all
individual
risks, mitigating factors, environment, architecture, system's security categorization,
historical evidence, etc.
Source: CNSSI-1254 appendix C RAR Data elements #20, NIST SP 800-30
Source
<xsd:element name="ResidualRiskLevel" type="boe:RatedScaleResponseType"><xsd:annotation><xsd:documentation><p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">For individual entries in the RAR, indicates the residual risk level expected after mitigations are implemented (as described in the POA&M). Identifies the risk level as one of the following: very low, low, moderate, high, and very high)</p><p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C RAR Data elements #18, NIST SP 800-30</p></xsd:documentation></xsd:annotation></xsd:element>
Schema location
BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details.
Click Here