
Commit 547679b

David WaltermireiMichaela
authored andcommitted
Added facet system, names, and values for CVSS v4.0.
1 parent 7fce8b1 commit 547679b


1 file changed

+168
-0
lines changed

1 file changed

+168
-0
lines changed

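--- a/src/metaschema/oscal_assessment-common_metaschema.xml
+++ b/src/metaschema/oscal_assessment-common_metaschema.xml
@@ -1381,6 +1381,7 @@
 <enum value="http://www.first.org/cvss/v2.0">The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the <a href="https://www.first.org/">Forum for Incident Response and Security Teams</a> <a href="https://www.first.org/cvss/">CVSS Special Interest Group</a> (CVSS-SIG) for <a href="https://www.first.org/cvss/v2/">CVSS v2</a>.</enum>
 <enum value="http://www.first.org/cvss/v3.0">The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the <a href="https://www.first.org/">Forum for Incident Response and Security Teams</a> <a href="https://www.first.org/cvss/">CVSS Special Interest Group</a> (CVSS-SIG) for <a href="https://www.first.org/cvss/v3-0/">CVSS v3.0</a>.</enum>
 <enum value="http://www.first.org/cvss/v3.1">The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the <a href="https://www.first.org/">Forum for Incident Response and Security Teams</a> <a href="https://www.first.org/cvss/">CVSS Special Interest Group</a> (CVSS-SIG) for <a href="https://www.first.org/cvss/v3-1/">CVSS v3.1</a>.</enum>
+<enum value="https://www.first.org/cvss/v4-0">The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the <a href="https://www.first.org/">Forum for Incident Response and Security Teams</a> <a href="https://www.first.org/cvss/">CVSS Special Interest Group</a> (CVSS-SIG) for <a href="https://www.first.org/cvss/v4-0/">CVSS v4.0</a>.</enum>
 </allowed-values>
 </constraint>
 <remarks>
@@ -1596,6 +1597,173 @@
 <enum value="unchanged">Unchanged</enum>
 <enum value="changed">Changed</enum>
 </allowed-values>
+<allowed-values id="oscal-cvss-v4.0-vectors" target="(.)[@system=('https://www.first.org/cvss/v4-0')]/@name">
+<enum value="av">Base: Attack Vector</enum>
+<enum value="ac">Base: Attack Complexity</enum>
+<enum value="at">Base: Attack Requirements</enum>
+<enum value="pr">Base: Privileges Required</enum>
+<enum value="ui">Base: User Interaction</enum>
+<enum value="vc">Base: Vulnerable System Confidentiality Impact</enum>
+<enum value="vi">Base: Vulnerable System Integrity Impact</enum>
+<enum value="va">Base: Vulnerable System Availability Impact</enum>
+<enum value="sc">Base: Subsequent System Confidentiality Impact</enum>
+<enum value="si">Base: Vulnerable System Integrity Impact</enum>
+<enum value="sa">Base: Vulnerable System Availability Impact</enum>
+<enum value="s">Supplemental: Safety</enum>
+<enum value="au">Supplemental: Automatable</enum>
+<enum value="r">Supplemental: Recovery</enum>
+<enum value="v">Supplemental: Value Density</enum>
+<enum value="re">Supplemental: Vulnerability Response Effort</enum>
+<enum value="u">Supplemental: Provider Urgency</enum>
+<enum value="mav">Environmental: Modified Attack Vector</enum>
+<enum value="mac">Environmental: Modified Attack Complexity</enum>
+<enum value="mat">Environmental: Modified Attack Requirements</enum>
+<enum value="mpr">Environmental: Modified Privileges Required</enum>
+<enum value="mui">Environmental: Modified User Interaction</enum>
+<enum value="mvc">Environmental: Modified Vulnerable System Confidentiality</enum>
+<enum value="mvi">Environmental: Modified Vulnerable System Integrity</enum>
+<enum value="mva">Environmental: Modified Vulnerable System Availability</enum>
+<enum value="msc">Environmental: Subsequent Vulnerable System Confidentiality</enum>
+<enum value="msi">Environmental: Subsequent Vulnerable System Integrity</enum>
+<enum value="msa">Environmental: Subsequent Vulnerable System Availability</enum>
+<enum value="cr">Environmental: Confidentiality Requirements</enum>
+<enum value="ir">Environmental: Integrity Requirements</enum>
+<enum value="ar">Environmental: Availability Requirements</enum>
+<enum value="e">Threat: Exploit Maturity</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-av-values" target=".[@system='https://www.first.org/cvss/v4-0') and @name='av']/@value">
+<formal-name>Attack Vector Values</formal-name>
+<enum value="n">Network</enum>
+<enum value="a">Adjacent</enum>
+<enum value="l">Local</enum>
+<enum value="p">Physical</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-ac-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='ac']/@value">
+<formal-name>Attack Complexity Values</formal-name>
+<enum value="h">High</enum>
+<enum value="l">Low</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-at-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='at']/@value">
+<formal-name>Attack Requirements Values</formal-name>
+<enum value="n">None</enum>
+<enum value="p">Present</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-pr-cia-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name=('pr','vc','vi','va','sc','si','sa')]/@value">
+<formal-name>Privileges Required, Confidentiality, Integrity, and Availability Values</formal-name>
+<enum value="n">None</enum>
+<enum value="l">Low</enum>
+<enum value="h">High</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-ui-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='ui']/@value">
+<formal-name>User Interaction Values</formal-name>
+<enum value="n">None</enum>
+<enum value="p">Passive</enum>
+<enum value="a">Active</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-s-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='s']/@value">
+<formal-name>Safety Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="n">Negligible</enum>
+<enum value="p">Present</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-au-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='au']/@value">
+<formal-name>Automatable Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="n">No</enum>
+<enum value="y">Yes</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-r-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='r']/@value">
+<formal-name>Recovery Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="a">Automatic</enum>
+<enum value="u">User</enum>
+<enum value="i">Irrecoverable</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-v-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='v']/@value">
+<formal-name>Value Density Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="a">Automatic</enum>
+<enum value="u">User</enum>
+<enum value="i">Irrecoverable</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-re-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='re']/@value">
+<formal-name>Vulnerability Response Effort Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="l">Low</enum>
+<enum value="m">Moderate</enum>
+<enum value="h">High</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-u-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='u']/@value">
+<formal-name>Provider Urgency Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="clear">Clear</enum>
+<enum value="green">Green</enum>
+<enum value="amber">Amber</enum>
+<enum value="red">Red</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-mav-values" target=".[@system='https://www.first.org/cvss/v4-0') and @name='mav']/@value">
+<formal-name>Modified Attack Vector Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="n">Network</enum>
+<enum value="a">Adjacent</enum>
+<enum value="l">Local</enum>
+<enum value="p">Physical</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-mac-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='mac']/@value">
+<formal-name>Modified Attack Complexity Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="h">High</enum>
+<enum value="l">Low</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-mat-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='mat']/@value">
+<formal-name>Modified Attack Requirements Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="n">None</enum>
+<enum value="p">Present</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-mpr-mvs-cia-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name=('mpr','mvc','mvi')]/@value">
+<formal-name>Modified Privileges Required, and Vulnerable System Confidentiality, Integrity, and Availability Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="n">None</enum>
+<enum value="l">Low</enum>
+<enum value="h">High</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-mui-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='mui']/@value">
+<formal-name>Modified User Interaction Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="n">None</enum>
+<enum value="p">Passive</enum>
+<enum value="a">Active</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-msc-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='msc']/@value">
+<formal-name>Modified Subsequent System Confidentiality Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="n">Negligible</enum>
+<enum value="l">Low</enum>
+<enum value="h">High</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-msi-msa-cia-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name=('msi','msa')]/@value">
+<formal-name>Modified Safety-Related Subsequent System Integrity and Availability Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="n">Negligible</enum>
+<enum value="l">Low</enum>
+<enum value="h">High</enum>
+<enum value="s">Safety</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-env-cia-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name=('cr','ir','ar')]/@value">
+<formal-name>Vulnerability Response Effort Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="l">Low</enum>
+<enum value="m">Medium</enum>
+<enum value="h">High</enum>
+</allowed-values>
+<allowed-values id="oscal-cvss-v4.0-e-values" target=".[@system='https://www.first.org/cvss/v4-0' and @name='e']/@value">
+<formal-name>Vulnerability Response Effort Values</formal-name>
+<enum value="x">Not Defined</enum>
+<enum value="a">Attacked</enum>
+<enum value="p">PoC</enum>
+<enum value="u">Unreported</enum>
+</allowed-values>
 </constraint>
 </define-assembly>
 </model>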
