<xsd:complexType name="DeficiencyType">
<xsd:all>
<xsd:element ref="boe:Name">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A short name to describe the deficency, vulnerability, or weakness</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #1, NIST SP 800-37</p>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element ref="boe:Description">
<xsd:annotation>
<xsd:documentation>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A short description of the program or system-level information security vulnerability that poses a risk of compromising confidentiality, integrity, or availability of information or the system, if applicable</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Contains both initial vulnerability (does not include false positives) from the SAR and the risk assessment level from the RAR</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Sufficient detail must be provided to permit oversight and tracking.</p>
<p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C POA&M Data elements #1 and #2, NIST SP 800-37</p>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:all>
<xsd:attributeGroup ref="ism:SecurityAttributesGroup"/>
</xsd:complexType>
|