Confidentiality Requirement
Confidentiality Requirement v1.1.1
This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.
| Value | Definition |
|---|---|
| Low | Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Medium | Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| High | Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Not Defined | This metric value is not defined. See CVSS documentation for details. |
Confidentiality Requirement v1.1.1 JSON Example
{
"namespace": "cvss",
"version": "1.1.1",
"schemaVersion": "1-0-1",
"key": "CR",
"name": "Confidentiality Requirement",
"description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.",
"values": [
{
"key": "L",
"name": "Low",
"description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "M",
"name": "Medium",
"description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "H",
"name": "High",
"description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "X",
"name": "Not Defined",
"description": "This metric value is not defined. See CVSS documentation for details."
}
]
}
Previous Versions
Following are the previous versions of the decision point:
Confidentiality Requirement v1.0.0
This metric measures the impact to the confidentiality of a successfully exploited vulnerability.
| Value | Definition |
|---|---|
| Low | Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Medium | Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| High | Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Not Defined | This metric value is not defined. See CVSS documentation for details. |
Confidentiality Requirement v1.0.0 JSON Example
{
"namespace": "cvss",
"version": "1.0.0",
"schemaVersion": "1-0-1",
"key": "CR",
"name": "Confidentiality Requirement",
"description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.",
"values": [
{
"key": "L",
"name": "Low",
"description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "M",
"name": "Medium",
"description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "H",
"name": "High",
"description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "ND",
"name": "Not Defined",
"description": "This metric value is not defined. See CVSS documentation for details."
}
]
}
Confidentiality Requirement v1.1.0
This metric measures the impact to the confidentiality of a successfully exploited vulnerability.
| Value | Definition |
|---|---|
| Low | Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Medium | Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| High | Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Not Defined | This metric value is not defined. See CVSS documentation for details. |
Confidentiality Requirement v1.1.0 JSON Example
{
"namespace": "cvss",
"version": "1.1.0",
"schemaVersion": "1-0-1",
"key": "CR",
"name": "Confidentiality Requirement",
"description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.",
"values": [
{
"key": "L",
"name": "Low",
"description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "M",
"name": "Medium",
"description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "H",
"name": "High",
"description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "X",
"name": "Not Defined",
"description": "This metric value is not defined. See CVSS documentation for details."
}
]
}