OASIS Common Security Advisory Framework (CSAF) TC

Dear colleagues,
BSI published the Technical Guideline TR-03191: Common Security Advisory Framework (CSAF)
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03191/BSI-TR-03191.pdf?__blob=publicationFile&v=3

The guideline should enable customers to bring CSAF as a requirement into contracts by stating something like: "The supplier MUST conform to BSI TR-03191."
It is also that flexible that parts can be "overwritten" by the individual contractual agreements.

Feedback is welcome.

Best regards,
Thomas