<xsd:complexType name="SecurityControlType">
<xsd:all>
<xsd:element name="Rationale" type="ism:LongStringWithSecurityType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">For controls identified as not applicable, provide justification. Provide a risk-based rationale for adding or removing a control (tailoring). For those controls tailored by an overlay, referencing the name of the overlay is sufficient rationale. If two overlays provide conflicting guidance, then select which overlay takes precedence and document the rationale for the decision.</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SSP Data elements #16</p>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="ImplementationDescription" type="ism:LongStringWithSecurityType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Provide a short description of how the control, enhancement, and/or requirement is implemented. Document how, and at what frequency, Common Control Providers will make compliance status of inherited controls available. Reference to the information security Continuous monitoring (ISCM) strategy should be included.</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SSP Data elements #16</p>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:all>
<xsd:attribute name="number" type="ism:ShortStringType" use="required">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The number of the control, enhancement, and/or requirement.</p>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="name" type="ism:ShortStringType" use="required">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The name of the control, enhancement, and/or requirement.</p>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="status" type="boe:ControlStatusEnum" use="required">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The implementation status of the control, enhancement, and/or requirement.</p>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
|