<xsd:complexType name="IdentifyingEventType">
<xsd:all>
<xsd:element name="Event" type="ism:ShortStringWithSecurityType">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The event that identified the deficiency (e.g., security controls assessment, penetration test)</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #3, NIST SP 800-37</p>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="ReviewingOrganization" type="ism:ShortStringWithSecurityType">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The organization responsible for the event where an organization is an entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency, or, as appropriate, any of its operational elements).</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #3, NIST SP 800-37</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-4009 (Organization)</p>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:all>
<xsd:attribute name="date" type="boe:DateWithoutTimezone">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The date the weakness was identified.</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #3, NIST SP 800-37</p>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attributeGroup ref="ism:SecurityAttributesGroup"/>
</xsd:complexType>
|