pub enum Requirement {
NotDefined,
Low,
Medium,
High,
}Expand description
Requirement metric (CR, IR, AR) values.
§Description
These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a users organization, measured in terms of confidentiality, integrity, and availability, That is, if an IT asset supports a business function for which availability is most important, the analyst can assign a greater value to availability, relative to confidentiality and integrity. Each security requirement has three possible values: low, medium, or high.
The full effect on the environmental score is determined by the corresponding base impact metrics (please note that the base confidentiality, integrity and availability impact metrics, themselves, are not changed). That is, these metrics modify the environmental score by reweighting the (base) confidentiality, integrity, and availability impact metrics. For example, the confidentiality impact (C) metric has increased weight if the confidentiality requirement (CR) is high. Likewise, the confidentiality impact metric has decreased weight if the confidentiality requirement is low. The confidentiality impact metric weighting is neutral if the confidentiality requirement is medium. This same logic is applied to the integrity and availability requirements.
Note that the confidentiality requirement will not affect the environmental score if the (base) confidentiality impact is set to none. Also, increasing the confidentiality requirement from medium to high will not change the environmental score when the (base) impact metrics are set to complete. This is because the impact sub score (part of the base score that calculates impact) is already at a maximum value of 10.
The possible values for the security requirements are listed in Table 12. For brevity, the same table is used for all three metrics. The greater the security requirement, the higher the score (remember that medium is considered the default). These metrics will modify the score as much as plus or minus 2.5.
§Properties
- Metric Group: Environmental
- Documentation: CVSS v2.0 Documentation, Section 2.3.3: Security Requirements (
CR,IR,AR)
§Requirement Metrics
Metric::ConfidentialityRequirement(CR)Metric::IntegrityRequirement(IR)Metric::AvailabilityRequirement(AR)
§Examples
Parse string as metric:
// parse string as metric
let metric: Metric = "CR:H".parse()?;
// check result
assert_eq!(metric, Metric::ConfidentialityRequirement(Requirement::High));Convert metric to string:
// convert metric to string
let s = Metric::IntegrityRequirement(Requirement::Medium).to_string();
// check result
assert_eq!(s, "IR:M");Get metric name:
// get metric name
let name = Name::from(Metric::AvailabilityRequirement(Requirement::Low));
// check result
assert_eq!(name, Name::AvailabilityRequirement);Variants§
NotDefined
Not Defined (ND)
Assigning this value to the metric will not influence the score. It is a signal to the equation to skip this metric.
Low
Low (L)
Loss of [confidentiality / integrity / availability] is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).
Medium
Medium (M)
Loss of [confidentiality / integrity / availability] is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).
High
High (H)
Loss of [confidentiality / integrity / availability] is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).
Trait Implementations§
Source§impl Clone for Requirement
impl Clone for Requirement
Source§fn clone(&self) -> Requirement
fn clone(&self) -> Requirement
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read more