Showing:

Diagrams
Model
Source
Used by
Complex Type boe:POAMType
Namespace urn:us:gov:ic:boe
Diagram
Diagram BOE_xsd_Element_boe_AssessmentDate.tmp#AssessmentDate BOE_xsd_Element_boe_Deficiency.tmp#Deficiency BOE_xsd_Element_boe_IdentifyingEvent.tmp#IdentifyingEvent BOE_xsd_Element_boe_ApplicableSecurityControl.tmp#ApplicableSecurityControl BOE_xsd_Element_boe_Milestones.tmp#Milestones BOE_xsd_Element_boe_Comments.tmp#Comments BOE_xsd_Element_boe_ScheduledCompletionDate.tmp#ScheduledCompletionDate BOE_xsd_Element_boe_CompletionStatus.tmp#CompletionStatus BOE_xsd_Element_boe_CompletionDate.tmp#CompletionDate BOE_xsd_Element_boe_PointOfContact.tmp#PointOfContact
Used by
Element boe:POAM
Model
Children boe:ApplicableSecurityControl , boe:AssessmentDate , boe:Comments , boe:CompletionDate , boe:CompletionStatus , boe:Deficiency , boe:IdentifyingEvent , boe:Milestones , boe:PointOfContact , boe:ScheduledCompletionDate
Source
<xsd:complexType name="POAMType">
  <xsd:all>
    <xsd:element ref="boe:AssessmentDate"/>
    <xsd:element ref="boe:Deficiency"/>
    <xsd:element ref="boe:IdentifyingEvent" minOccurs="0"/>
    <xsd:element ref="boe:ApplicableSecurityControl" minOccurs="0"/>
    <xsd:element ref="boe:Milestones" minOccurs="0"/>
    <xsd:element ref="boe:Comments" minOccurs="0">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">In a POA&M, this is used for additional detail or clarifications; must be used if there is a delay. The comments should identify obstacles and challenges to resolving the weakness not related to funding (e.g., lack of personnel or expertise or developing new system to replace legacy system)</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #5, NIST SP 800-37</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
    <xsd:element ref="boe:ScheduledCompletionDate" minOccurs="0">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A realistic estimate of the date when the corrective action will be implemented/tested. This date should not be changed. Actual completion date should be placed in the Status field</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #6, NIST SP 800-37</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
    <xsd:element ref="boe:CompletionStatus">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Indicates the stage or state of the POA&M in the corrective process cycle (Completed, Ongoing, Delayed, or Planned). The Completed status should be used only when the POA&M has been fully resolved and the corrective action has been tested. When listing items as ?Completed,? also include the date of completion in this column</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #9, NIST SP 800-37</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
    <xsd:element ref="boe:CompletionDate" minOccurs="0">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The date the POA&M was actually completed. Only fill in if ComplitionStatus is "COMPLETE"</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #9, NIST SP 800-37</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
    <xsd:element ref="boe:PointOfContact">
      <xsd:annotation>
        <xsd:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Organization or title of the position within the organization who is responsible for the mitigation of the weakness.</p>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #10, NIST SP 800-37</p>
        </xsd:documentation>
      </xsd:annotation>
    </xsd:element>
  </xsd:all>
</xsd:complexType>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.

This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details. Click Here