Showing:

Annotations
Attributes
Diagrams
Properties
Source
Used by
Element boe:ResidualRiskLevel
Namespace urn:us:gov:ic:boe
Annotations

For individual entries in the RAR, indicates the residual risk level expected after mitigations are implemented (as described in the POA&M). Identifies the risk level as one of the following: very low, low, moderate, high, and very high)

Source: CNSSI-1254 appendix C RAR Data elements #18, NIST SP 800-30

Diagram
Diagram IC-ISM_xsd_Simple_Type_LongStringType.tmp#LongStringType IC-ISM_xsd_Attribute_Group_SecurityAttributesGroup.tmp#SecurityAttributesGroup IC-ISM_xsd_Complex_Type_LongStringWithSecurityType.tmp#LongStringWithSecurityType BOE_xsd_Complex_Type_boe_ResponseWithExplanation.tmp#ResponseWithExplanation_response BOE_xsd_Complex_Type_boe_ResponseWithExplanation.tmp#ResponseWithExplanation BOE_xsd_Complex_Type_boe_RatedScaleResponseType.tmp#RatedScaleResponseType_response BOE_xsd_Complex_Type_boe_RatedScaleResponseType.tmp#RatedScaleResponseType
Type boe:RatedScaleResponseType
Type hierarchy
Properties
content complex
Used by
Complex Type boe:ThreatEventType
Attributes
QName Type Use Annotation
SchemaguideSecurityAttributesGroup xsd:NMTOKEN optional
This attribute is only a placeholder so that all the ISM attributes are not shown in the schemaGuide for every element. If you refer to the documentation of the attribute group it will say what attributes should be here.
boe:response boe:RatingScaleEnum required

Describe the overall level of risk (e.g., very low, low, moderate, high, or very high) to the system, considering all individual risks, mitigating factors, environment, architecture, system's security categorization, historical evidence, etc.

Source: CNSSI-1254 appendix C RAR Data elements #20, NIST SP 800-30

Source
<xsd:element name="ResidualRiskLevel" type="boe:RatedScaleResponseType">
  <xsd:annotation>
    <xsd:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">For individual entries in the RAR, indicates the residual risk level expected after mitigations are implemented (as described in the POA&M). Identifies the risk level as one of the following: very low, low, moderate, high, and very high)</p>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C RAR Data elements #18, NIST SP 800-30</p>
    </xsd:documentation>
  </xsd:annotation>
</xsd:element>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.

This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details. Click Here