Asset Summary Reporting Core Attributes
Mark Davidson
Adam Halbardier
David Waltermire
gov:nist:scap:asr:attr:1.0
2012-05-07
A listing of standard attributes that can be leveraged on record-set-types defined for ASR. This
schema is associated with ASR 1.0.
A Common Configuration Enumeration (CCE) ID.
A Common Configuration Scoring System (CCSS) score.
A Common Platform Enumeration (CPE) 2.2 name, or CPE 2.3 formatted string or URI.
A Common Vulnerabilities and Exposures (CVE) ID.
A Common Vulnerability Scoring System (CVSS) score.
A Common Weakness Enumeration (CWE) ID.
A Common Weakness Scoring System (CWSS) score.
An Open Checklist Interactive Language (OCIL) questionnaire ID.
The result of an Open Checklist Interactive Language (OCIL) questionnaire evaluation.
An Open Vulnerability Assessment Language (OVAL) definition ID.
The result of an Open Vulnerability Assessment Language (OVAL) definition evaluation.
An Extensible Configuration Checklist Description Format (XCCDF) benchmark ID.
An Extensible Configuration Checklist Description Format (XCCDF) profile ID.
An Extensible Configuration Checklist Description Format (XCCDF) rule ID.
The result of a compliance assessment against a target asset.
The result of an inventory assessment against a target asset.
The result of any boolean finding against a target asset.
A count of assets.
The mean (statistical average).
The median (statistical average).
The mode (statistical average).
The statistical standard deviation.
A percentage.
An IPv4 address.
An IPv4 Classless Inter-Domain Routing (CIDR) block.
An IPv6 address.
An IPv6 Classless Inter-Domain Routing (CIDR) block.
A time duration.
The FIPS 199 confidentiality level.
The FIPS 199 integrity level.
The FIPS 199 availability level.
The Mission Assurance Category level.
Security markings for an asset.
The confidentiality level of an asset (e.g., sensitive, public).
The "responsible" value from the responsibility assignment matrix known as RACI (Responsible,
Accountable, Consult, Inform).
The "accountable" value from the responsibility assignment matrix known as RACI (Responsible,
Accountable, Consult, Inform).
The "consult" value from the responsibility assignment matrix known as RACI (Responsible,
Accountable, Consult, Inform).
The "inform" value from the responsibility assignment matrix known as RACI (Responsible,
Accountable, Consult, Inform).
The administrating organization of an asset.
The administrative point-of-contact for an asset.
The Computer Emergency Response Team responsible for an asset.
The circuit to which an asset is connected.
The function of an asset (e.g., workstation, server).
A physical location.
A named network.
The organization that owns an asset.
A geographic region.
The role of an asset.
The named system to which an asset belongs.