Value,Description,Reference
breach-proprietary,"Sensitive or proprietary information was
        accessed or exfiltrated.",[RFC7970]
breach-privacy,"Personally identifiable information was
        accessed or exfiltrated.",[RFC7970]
breach-credential,"Credential information was accessed or
        exfiltrated.",[RFC7970]
loss-of-integrity,"Sensitive or proprietary information was
        changed or deleted.",[RFC7970]
loss-of-service,Service delivery was disrupted.,[RFC7970]
theft-financial,Money was stolen.,[RFC7970]
theft-service,Services were misappropriated.,[RFC7970]
degraded-reputation,"The reputation of the organization's
        brand was diminished.",[RFC7970]
asset-damage,A cyber-physical system was damaged.,[RFC7970]
asset-manipulation,A cyber-physical system was manipulated.,[RFC7970]
legal,The incident resulted in legal or regulatory action.,[RFC7970]
extortion,"The incident resulted in actors extorting the
        victim organization.",[RFC7970]
unknown,The impact is unknown.,[RFC7970]
ext-value,"A value used to indicate that this attribute is
        extended and the actual value is provided using the
        corresponding ext-* attribute.  See Section 5.1.1 of [RFC7970].",[RFC7970]