Showing:

Annotations
Diagrams
Facets
Properties
Source
Used by
Complex Type boe:VulnerabilityType
Namespace urn:us:gov:ic:boe
Diagram
Diagram BOE_xsd_Complex_Type_boe_VulnerabilityType.tmp#VulnerabilityType_severity BOE_xsd_Complex_Type_boe_VulnerabilityType.tmp#VulnerabilityType_identifier
Type extension of LongStringWithSecurityType
Type hierarchy
Used by
Source
<xsd:complexType name="VulnerabilityType">
  <xsd:simpleContent>
    <xsd:extension base="ism:LongStringWithSecurityType">
      <xsd:attribute name="severity" type="boe:RatingScaleEnum">
        <xsd:annotation>
          <xsd:documentation>
            <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Identifies the severity of vulnerabilities or the pervasiveness of the predisposing conditions as very low, low, moderate, high, very high</p>
            <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C RAR Data elements #13, NIST SP 800-30</p>
          </xsd:documentation>
        </xsd:annotation>
      </xsd:attribute>
      <xsd:attribute name="identifier" use="optional" type="ism:ShortStringType">
        <xsd:annotation>
          <xsd:documentation>
            <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A number used to track and correlate vulnerabilities that are ongoing within the organization. The numbering schema for the vulnerability identifier is organizationally defined and is organizationally derived</p>
            <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SAR, RAR, and POA&M Data elements #2, NIST SP 800-37</p>
          </xsd:documentation>
        </xsd:annotation>
      </xsd:attribute>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
Attribute boe:VulnerabilityType / @boe:severity
Namespace urn:us:gov:ic:boe
Annotations

Identifies the severity of vulnerabilities or the pervasiveness of the predisposing conditions as very low, low, moderate, high, very high

Source: CNSSI-1254 appendix C RAR Data elements #13, NIST SP 800-30

Type boe:RatingScaleEnum
Properties
content simple
Facets
enumeration VERY_LOW
enumeration LOW
enumeration MODERATE
enumeration HIGH
enumeration VERY_HIGH
Used by
Complex Type boe:VulnerabilityType
Source
<xsd:attribute name="severity" type="boe:RatingScaleEnum">
  <xsd:annotation>
    <xsd:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Identifies the severity of vulnerabilities or the pervasiveness of the predisposing conditions as very low, low, moderate, high, very high</p>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C RAR Data elements #13, NIST SP 800-30</p>
    </xsd:documentation>
  </xsd:annotation>
</xsd:attribute>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.
Attribute boe:VulnerabilityType / @boe:identifier
Namespace urn:us:gov:ic:boe
Annotations

A number used to track and correlate vulnerabilities that are ongoing within the organization. The numbering schema for the vulnerability identifier is organizationally defined and is organizationally derived

Source: CNSSI-1254 appendix C SAR, RAR, and POA&M Data elements #2, NIST SP 800-37

Type ShortStringType
Properties
use optional
Used by
Complex Type boe:VulnerabilityType
Source
<xsd:attribute name="identifier" use="optional" type="ism:ShortStringType">
  <xsd:annotation>
    <xsd:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A number used to track and correlate vulnerabilities that are ongoing within the organization. The numbering schema for the vulnerability identifier is organizationally defined and is organizationally derived</p>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:ownerProducer="USA" ism:classification="U">Source: CNSSI-1254 appendix C SAR, RAR, and POA&M Data elements #2, NIST SP 800-37</p>
    </xsd:documentation>
  </xsd:annotation>
</xsd:attribute>
Schema location BOE.xsd Copy and paste this link to your file browser, clicking the link MAY open in the browser. Opening in an XML aware editor is best.

This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details. Click Here