Merge branch 'main' into 890-add-csv-generation-to-doctoolspy

Author: ahouseholder

data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json

@@ -3,28 +3,28 @@
   "key": "IKE",
   "version": "1.0.0",
   "name": "Do, Schedule, Delegate, Delete",
-  "description": "The Eisenhower outcome group.",
+  "definition": "The Eisenhower outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "D",
       "name": "Delete",
-      "description": "Delete"
+      "definition": "Delete"
     },
     {
       "key": "G",
       "name": "Delegate",
-      "description": "Delegate"
+      "definition": "Delegate"
     },
     {
       "key": "S",
       "name": "Schedule",
-      "description": "Schedule"
+      "definition": "Schedule"
     },
     {
       "key": "O",
       "name": "Do",
-      "description": "Do"
+      "definition": "Do"
     }
   ]
 }

data/json/decision_points/basic/lowmediumhigh_1_0_0.json

@@ -3,23 +3,23 @@
   "key": "LMH",
   "version": "1.0.0",
   "name": "LowMediumHigh",
-  "description": "A Low/Medium/High decision point / outcome group.",
+  "definition": "A Low/Medium/High decision point / outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "L",
       "name": "Low",
-      "description": "Low"
+      "definition": "Low"
     },
     {
       "key": "M",
       "name": "Medium",
-      "description": "Medium"
+      "definition": "Medium"
     },
     {
       "key": "H",
       "name": "High",
-      "description": "High"
+      "definition": "High"
     }
   ]
 }

data/json/decision_points/basic/moscow_1_0_0.json

@@ -3,28 +3,28 @@
   "key": "MSCW",
   "version": "1.0.0",
   "name": "MoSCoW",
-  "description": "The MoSCoW (Must, Should, Could, Won't) outcome group.",
+  "definition": "The MoSCoW (Must, Should, Could, Won't) outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "W",
       "name": "Won't",
-      "description": "Won't"
+      "definition": "Won't"
     },
     {
       "key": "C",
       "name": "Could",
-      "description": "Could"
+      "definition": "Could"
     },
     {
       "key": "S",
       "name": "Should",
-      "description": "Should"
+      "definition": "Should"
     },
     {
       "key": "M",
       "name": "Must",
-      "description": "Must"
+      "definition": "Must"
     }
   ]
 }

data/json/decision_points/basic/value_complexity_1_0_0.json

@@ -3,28 +3,28 @@
   "key": "VALUE_COMPLEXITY",
   "version": "1.0.0",
   "name": "Value, Complexity",
-  "description": "The Value/Complexity outcome group.",
+  "definition": "The Value/Complexity outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "D",
       "name": "Drop",
-      "description": "Drop"
+      "definition": "Drop"
     },
     {
       "key": "R",
       "name": "Reconsider Later",
-      "description": "Reconsider Later"
+      "definition": "Reconsider Later"
     },
     {
       "key": "E",
       "name": "Easy Win",
-      "description": "Easy Win"
+      "definition": "Easy Win"
     },
     {
       "key": "F",
       "name": "Do First",
-      "description": "Do First"
+      "definition": "Do First"
     }
   ]
 }

data/json/decision_points/basic/yesno_1_0_0.json

@@ -3,18 +3,18 @@
   "key": "YN",
   "version": "1.0.0",
   "name": "YesNo",
-  "description": "A Yes/No decision point / outcome group.",
+  "definition": "A Yes/No decision point / outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "N",
       "name": "No",
-      "description": "No"
+      "definition": "No"
     },
     {
       "key": "Y",
       "name": "Yes",
-      "description": "Yes"
+      "definition": "Yes"
     }
   ]
 }

data/json/decision_points/cisa/cisa_levels_1_1_0.json

@@ -3,28 +3,28 @@
   "key": "CISA",
   "version": "1.1.0",
   "name": "CISA Levels",
-  "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.",
+  "definition": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "T",
       "name": "Track",
-      "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."
+      "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."
     },
     {
       "key": "T*",
       "name": "Track*",
-      "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines."
+      "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines."
     },
     {
       "key": "AT",
       "name": "Attend",
-      "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."
+      "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."
     },
     {
       "key": "AC",
       "name": "Act",
-      "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."
+      "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."
     }
   ]
 }

data/json/decision_points/cisa/in_kev_1_0_0.json

@@ -3,18 +3,18 @@
   "key": "KEV",
   "version": "1.0.0",
   "name": "In KEV",
-  "description": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.",
+  "definition": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "N",
       "name": "No",
-      "description": "Vulnerability is not listed in KEV."
+      "definition": "Vulnerability is not listed in KEV."
     },
     {
       "key": "Y",
       "name": "Yes",
-      "description": "Vulnerability is listed in KEV."
+      "definition": "Vulnerability is listed in KEV."
     }
   ]
 }

data/json/decision_points/cisa/mission_prevalence_1_0_0.json

@@ -3,23 +3,23 @@
   "key": "MP",
   "version": "1.0.0",
   "name": "Mission Prevalence",
-  "description": "Prevalence of the mission essential functions",
+  "definition": "Prevalence of the mission essential functions",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "M",
       "name": "Minimal",
-      "description": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions."
+      "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions."
     },
     {
       "key": "S",
       "name": "Support",
-      "description": "The vulnerable component only supports MEFs for two or more entities."
+      "definition": "The vulnerable component only supports MEFs for two or more entities."
     },
     {
       "key": "E",
       "name": "Essential",
-      "description": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure."
+      "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure."
     }
   ]
 }

data/json/decision_points/cvss/access_complexity_1_0_0.json

@@ -3,18 +3,18 @@
   "key": "AC",
   "version": "1.0.0",
   "name": "Access Complexity",
-  "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
+  "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "H",
       "name": "High",
-      "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)"
+      "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)"
     },
     {
       "key": "L",
       "name": "Low",
-      "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable."
+      "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable."
     }
   ]
 }

data/json/decision_points/cvss/access_complexity_2_0_0.json

@@ -3,23 +3,23 @@
   "key": "AC",
   "version": "2.0.0",
   "name": "Access Complexity",
-  "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
+  "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "H",
       "name": "High",
-      "description": "Specialized access conditions exist."
+      "definition": "Specialized access conditions exist."
     },
     {
       "key": "M",
       "name": "Medium",
-      "description": "The access conditions are somewhat specialized."
+      "definition": "The access conditions are somewhat specialized."
     },
     {
       "key": "L",
       "name": "Low",
-      "description": "Specialized access conditions or extenuating circumstances do not exist."
+      "definition": "Specialized access conditions or extenuating circumstances do not exist."
     }
   ]
 }