-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
poam-dictionary.json
153 lines (152 loc) · 3.36 KB
/
poam-dictionary.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
[
{
"field": "POAM ID",
"description": "Unique identifier for each POAM Item",
"type": "Text"
},
{
"field": "Controls",
"description": "Applicable 800-53 Control(s)",
"type": "Text"
},
{
"field": "Weakness Name",
"description": "Name of the weakness as provided by the scanner or otherwise summarizing the weakness",
"type": "Text"
},
{
"field": "Weakness Desription",
"description": "Description of the weakness and other information",
"type": "Text"
},
{
"field": "Weakness Detector Source",
"description": "The scanner name or other source that detected the vulnerability",
"type": "Text"
},
{
"field": "Weakness Source Identifier",
"description": "",
"type": "Text"
},
{
"field": "Asset Identifier",
"description": "",
"type": "Text"
},
{
"field": "Point of Contact",
"description": "",
"type": "Text"
},
{
"field": "Resources Required",
"description": "",
"type": "Text"
},
{
"field": "Overall Remediation Plan",
"description": "",
"type": "Text"
},
{
"field": "Original Detection Date",
"description": "",
"type": "Text"
},
{
"field": "Scheduled Completion Date",
"description": "",
"type": "Text"
},
{
"field": "Planned Milestones",
"description": "",
"type": "Text"
},
{
"field": "Milestone Changes",
"description": "",
"type": "Text"
},
{
"field": "Status Date",
"description": "",
"type": "Text"
},
{
"field": "Vendor Dependency",
"description": "",
"type": "Text"
},
{
"field": "Last Vendor Check-in Date",
"description": "",
"type": "Text"
},
{
"field": "Vendor Dependent Product Name",
"description": "",
"type": "Text"
},
{
"field": "Original Risk Rating",
"description": "",
"type": "Text"
},
{
"field": "Adjusted Risk Rating",
"description": "",
"type": "Text"
},
{
"field": "Risk Adjustment",
"description": "",
"type": "Text"
},
{
"field": "False Positive",
"description": "",
"type": "Text"
},
{
"field": "Operational Requirement",
"description": "",
"type": "Text"
},
{
"field": "Deviation Rationale",
"description": "",
"type": "Text"
},
{
"field": "Supporting Documents",
"description": "",
"type": "Text"
},
{
"field": "Comments",
"description": "",
"type": "Text"
},
{
"field": "Auto-Approve",
"description": "",
"type": "Text"
},
{
"field": "Binding Operational Directive 22-01 tracking",
"description": "",
"type": "Text"
},
{
"field": "Binding Operational Directive 22-01 Due Date",
"description": "If this vulnerability is listed among the CISA Known Exploited Vulnerability Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) include the due date given by CISA for this vulnerability",
"type": "Text"
},
{
"field": "CVE",
"description": "The associated CVE numbers for this vulnerability",
"type": "Text"
}
]