Showing:

Annotations
Attributes
Diagrams
Facets
Model
Properties
Source
Used by
Element boe:SecurityControlType / boe:Rationale
Namespace urn:us:gov:ic:boe
Annotations

For controls identified as not applicable, provide justification. Provide a risk-based rationale for adding or removing a control (tailoring). For those controls tailored by an overlay, referencing the name of the overlay is sufficient rationale. If two overlays provide conflicting guidance, then select which overlay takes precedence and document the rationale for the decision.

Source: CNSSI-1254 appendix C SSP Data elements #16

Diagram
Diagram
Type LongStringWithSecurityType
Properties
content simple
minOccurs 0
maxOccurs 1
Source
<xsd:element name="Rationale" type="ism:LongStringWithSecurityType" minOccurs="0" maxOccurs="1">
  <xsd:annotation>
    <xsd:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">For controls identified as not applicable, provide justification. Provide a risk-based rationale for adding or removing a control (tailoring). For those controls tailored by an overlay, referencing the name of the overlay is sufficient rationale. If two overlays provide conflicting guidance, then select which overlay takes precedence and document the rationale for the decision.</p>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SSP Data elements #16</p>
    </xsd:documentation>
  </xsd:annotation>
</xsd:element>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
Element boe:SecurityControlType / boe:ImplementationDescription
Namespace urn:us:gov:ic:boe
Annotations

Provide a short description of how the control, enhancement, and/or requirement is implemented. Document how, and at what frequency, Common Control Providers will make compliance status of inherited controls available. Reference to the information security Continuous monitoring (ISCM) strategy should be included.

Source: CNSSI-1254 appendix C SSP Data elements #16

Diagram
Diagram
Type LongStringWithSecurityType
Properties
content simple
minOccurs 0
maxOccurs 1
Source
<xsd:element name="ImplementationDescription" type="ism:LongStringWithSecurityType" minOccurs="0" maxOccurs="1">
  <xsd:annotation>
    <xsd:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Provide a short description of how the control, enhancement, and/or requirement is implemented. Document how, and at what frequency, Common Control Providers will make compliance status of inherited controls available. Reference to the information security Continuous monitoring (ISCM) strategy should be included.</p>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SSP Data elements #16</p>
    </xsd:documentation>
  </xsd:annotation>
</xsd:element>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
Complex Type boe:SecurityControlType
Namespace urn:us:gov:ic:boe
Diagram
Diagram BOE_xsd_Complex_Type_boe_SecurityControlType.tmp#SecurityControlType_number BOE_xsd_Complex_Type_boe_SecurityControlType.tmp#SecurityControlType_name BOE_xsd_Complex_Type_boe_SecurityControlType.tmp#SecurityControlType_status BOE_xsd_Complex_Type_boe_SecurityControlType.tmp#SecurityControlType_Rationale BOE_xsd_Complex_Type_boe_SecurityControlType.tmp#SecurityControlType_ImplementationDescription
Used by
Model
Children boe:ImplementationDescription , boe:Rationale
Attributes
QName Type Use Annotation
boe:name ShortStringType required

The name of the control, enhancement, and/or requirement.

boe:number ShortStringType required

The number of the control, enhancement, and/or requirement.

boe:status boe:ControlStatusEnum required

The implementation status of the control, enhancement, and/or requirement.

Source
<xsd:complexType name="SecurityControlType">
  <xsd:all>
    <xsd:element name="Rationale" type="ism:LongStringWithSecurityType" minOccurs="0" maxOccurs="1">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">For controls identified as not applicable, provide justification. Provide a risk-based rationale for adding or removing a control (tailoring). For those controls tailored by an overlay, referencing the name of the overlay is sufficient rationale. If two overlays provide conflicting guidance, then select which overlay takes precedence and document the rationale for the decision.</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SSP Data elements #16</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
    <xsd:element name="ImplementationDescription" type="ism:LongStringWithSecurityType" minOccurs="0" maxOccurs="1">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Provide a short description of how the control, enhancement, and/or requirement is implemented. Document how, and at what frequency, Common Control Providers will make compliance status of inherited controls available. Reference to the information security Continuous monitoring (ISCM) strategy should be included.</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SSP Data elements #16</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
  </xsd:all>
  <xsd:attribute name="number" type="ism:ShortStringType" use="required">
    <xsd:annotation>
      <xsd:documentation>
        <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The number of the control, enhancement, and/or requirement.</p>
      </xsd:documentation>
    </xsd:annotation>
  </xsd:attribute>
  <xsd:attribute name="name" type="ism:ShortStringType" use="required">
    <xsd:annotation>
      <xsd:documentation>
        <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The name of the control, enhancement, and/or requirement.</p>
      </xsd:documentation>
    </xsd:annotation>
  </xsd:attribute>
  <xsd:attribute name="status" type="boe:ControlStatusEnum" use="required">
    <xsd:annotation>
      <xsd:documentation>
        <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The implementation status of the control, enhancement, and/or requirement.</p>
      </xsd:documentation>
    </xsd:annotation>
  </xsd:attribute>
</xsd:complexType>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
Attribute boe:SecurityControlType / @boe:number
Namespace urn:us:gov:ic:boe
Annotations

The number of the control, enhancement, and/or requirement.

Type ShortStringType
Properties
use required
Used by
Source
<xsd:attribute name="number" type="ism:ShortStringType" use="required">
  <xsd:annotation>
    <xsd:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The number of the control, enhancement, and/or requirement.</p>
    </xsd:documentation>
  </xsd:annotation>
</xsd:attribute>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
Attribute boe:SecurityControlType / @boe:name
Namespace urn:us:gov:ic:boe
Annotations

The name of the control, enhancement, and/or requirement.

Type ShortStringType
Properties
use required
Used by
Source
<xsd:attribute name="name" type="ism:ShortStringType" use="required">
  <xsd:annotation>
    <xsd:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The name of the control, enhancement, and/or requirement.</p>
    </xsd:documentation>
  </xsd:annotation>
</xsd:attribute>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
Attribute boe:SecurityControlType / @boe:status
Namespace urn:us:gov:ic:boe
Annotations

The implementation status of the control, enhancement, and/or requirement.

Type boe:ControlStatusEnum
Properties
use required
Facets
enumeration IMPLEMENTED

The control has been implemented

enumeration PLANNED

The control has not yet been implemented but is planned

enumeration NOTAPPLICABLE

The control is not applicable to the system

Used by
Source
<xsd:attribute name="status" type="boe:ControlStatusEnum" use="required">
  <xsd:annotation>
    <xsd:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The implementation status of the control, enhancement, and/or requirement.</p>
    </xsd:documentation>
  </xsd:annotation>
</xsd:attribute>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.

This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details. Click Here