<xsd:complexType name="VulnerabilityType">
<xsd:simpleContent>
<xsd:extension base="ism:LongStringWithSecurityType">
<xsd:attribute name="severity" type="boe:RatingScaleEnum">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Identifies the severity of vulnerabilities or the pervasiveness of the predisposing conditions as very low, low, moderate, high, very high</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C RAR Data elements #13, NIST SP 800-30</p>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="identifier" use="optional" type="ism:ShortStringType">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A number used to track and correlate vulnerabilities that are ongoing within the organization. The numbering schema for the vulnerability identifier is organizationally defined and is organizationally derived</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SAR, RAR, and POA&M Data elements #2, NIST SP 800-37</p>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
|