diff --git a/src/metaschema/oscal_assessment-common_metaschema.xml b/src/metaschema/oscal_assessment-common_metaschema.xml
index 3a3b34144b..56562f6b3d 100644
--- a/src/metaschema/oscal_assessment-common_metaschema.xml
+++ b/src/metaschema/oscal_assessment-common_metaschema.xml
@@ -1381,6 +1381,7 @@
The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the Forum for Incident Response and Security Teams CVSS Special Interest Group (CVSS-SIG) for CVSS v2.
The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the Forum for Incident Response and Security Teams CVSS Special Interest Group (CVSS-SIG) for CVSS v3.0.
The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the Forum for Incident Response and Security Teams CVSS Special Interest Group (CVSS-SIG) for CVSS v3.1.
+ The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the Forum for Incident Response and Security Teams CVSS Special Interest Group (CVSS-SIG) for CVSS v4.0.
@@ -1596,6 +1597,173 @@
Unchanged
Changed
+
+ Base: Attack Vector
+ Base: Attack Complexity
+ Base: Attack Requirements
+ Base: Privileges Required
+ Base: User Interaction
+ Base: Vulnerable System Confidentiality Impact
+ Base: Vulnerable System Integrity Impact
+ Base: Vulnerable System Availability Impact
+ Base: Subsequent System Confidentiality Impact
+ Base: Vulnerable System Integrity Impact
+ Base: Vulnerable System Availability Impact
+ Supplemental: Safety
+ Supplemental: Automatable
+ Supplemental: Recovery
+ Supplemental: Value Density
+ Supplemental: Vulnerability Response Effort
+ Supplemental: Provider Urgency
+ Environmental: Modified Attack Vector
+ Environmental: Modified Attack Complexity
+ Environmental: Modified Attack Requirements
+ Environmental: Modified Privileges Required
+ Environmental: Modified User Interaction
+ Environmental: Modified Vulnerable System Confidentiality
+ Environmental: Modified Vulnerable System Integrity
+ Environmental: Modified Vulnerable System Availability
+ Environmental: Subsequent Vulnerable System Confidentiality
+ Environmental: Subsequent Vulnerable System Integrity
+ Environmental: Subsequent Vulnerable System Availability
+ Environmental: Confidentiality Requirements
+ Environmental: Integrity Requirements
+ Environmental: Availability Requirements
+ Threat: Exploit Maturity
+
+
+ Attack Vector Values
+ Network
+ Adjacent
+ Local
+ Physical
+
+
+ Attack Complexity Values
+ High
+ Low
+
+
+ Attack Requirements Values
+ None
+ Present
+
+
+ Privileges Required, Confidentiality, Integrity, and Availability Values
+ None
+ Low
+ High
+
+
+ User Interaction Values
+ None
+ Passive
+ Active
+
+
+ Safety Values
+ Not Defined
+ Negligible
+ Present
+
+
+ Automatable Values
+ Not Defined
+ No
+ Yes
+
+
+ Recovery Values
+ Not Defined
+ Automatic
+ User
+ Irrecoverable
+
+
+ Value Density Values
+ Not Defined
+ Automatic
+ User
+ Irrecoverable
+
+
+ Vulnerability Response Effort Values
+ Not Defined
+ Low
+ Moderate
+ High
+
+
+ Provider Urgency Values
+ Not Defined
+ Clear
+ Green
+ Amber
+ Red
+
+
+ Modified Attack Vector Values
+ Not Defined
+ Network
+ Adjacent
+ Local
+ Physical
+
+
+ Modified Attack Complexity Values
+ Not Defined
+ High
+ Low
+
+
+ Modified Attack Requirements Values
+ Not Defined
+ None
+ Present
+
+
+ Modified Privileges Required, and Vulnerable System Confidentiality, Integrity, and Availability Values
+ Not Defined
+ None
+ Low
+ High
+
+
+ Modified User Interaction Values
+ Not Defined
+ None
+ Passive
+ Active
+
+
+ Modified Subsequent System Confidentiality Values
+ Not Defined
+ Negligible
+ Low
+ High
+
+
+ Modified Safety-Related Subsequent System Integrity and Availability Values
+ Not Defined
+ Negligible
+ Low
+ High
+ Safety
+
+
+ Vulnerability Response Effort Values
+ Not Defined
+ Low
+ Medium
+ High
+
+
+ Vulnerability Response Effort Values
+ Not Defined
+ Attacked
+ PoC
+ Unreported
+