%% You should probably cite draft-ietf-sacm-vuln-scenario instead of this I-D.
@techreport{coffin-sacm-vuln-scenario-01,
    number =    {draft-coffin-sacm-vuln-scenario-01},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-coffin-sacm-vuln-scenario/01/},
    author =    {Chris Coffin and Brant Cheikes and Charles Schmidt and Daniel Haynes and Jessica Fitzgerald-McKay and David Waltermire},
    title =     {{SACM Vulnerability Assessment Scenario}},
    pagetotal = 29,
    year =      2016,
    month =     jan,
    day =       22,
    abstract =  {This document provides a core narrative that walks through an automated enterprise vulnerability assessment scenario. It is aligned with the SACM use cases and begins with an enterprise ingesting vulnerability description data, followed by identifying endpoints on the network and collecting and storing information about them to enable posture assessment, and finally ends with assessing these endpoints against the vulnerability description data to determine which ones are affected. Processes that specifically overlap between this scenario and SACM use cases will be noted where applicable. Specifically, the relationship between this document and the SACM use case building block capabilities and the usage scenarios will be covered.},
}