Showing:

Diagrams
Model
Source
Used by
Complex Type boe:DeficiencyType
Namespace urn:us:gov:ic:boe
Diagram
Diagram BOE_xsd_Element_boe_Name.tmp#Name BOE_xsd_Element_boe_Description.tmp#Description
Used by
Element boe:Deficiency
Model
Children boe:Description , boe:Name
Source
<xsd:complexType name="DeficiencyType">
  <xsd:all>
    <xsd:element ref="boe:Name">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A short name to describe the deficency, vulnerability, or weakness</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #1, NIST SP 800-37</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
    <xsd:element ref="boe:Description">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A short description of the program or system-level information security vulnerability that poses a risk of compromising confidentiality, integrity, or availability of information or the system, if applicable</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Contains both initial vulnerability (does not include false positives) from the SAR and the risk assessment level from the RAR</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Sufficient detail must be provided to permit oversight and tracking.</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #1 and #2, NIST SP 800-37</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
  </xsd:all>
  <xsd:attributeGroup ref="ism:SecurityAttributesGroup"/>
</xsd:complexType>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.

This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details. Click Here