diff --git a/doc/json/bundle.json b/doc/json/bundle.json
index a6cf806d..92ad4735 100644
--- a/doc/json/bundle.json
+++ b/doc/json/bundle.json
@@ -416,7 +416,7 @@
},
"severity" : "Critical",
"short_description" : "string",
- "short_id" : 10,
+ "short_id" : "string",
"source" : "string",
"source_uri" : "string",
"status" : "Closed",
diff --git a/doc/json/casebook.json b/doc/json/casebook.json
index 320d67f1..0af2dcfc 100644
--- a/doc/json/casebook.json
+++ b/doc/json/casebook.json
@@ -417,7 +417,7 @@
},
"severity" : "Critical",
"short_description" : "string",
- "short_id" : 10,
+ "short_id" : "string",
"source" : "string",
"source_uri" : "string",
"status" : "Closed",
diff --git a/doc/json/incident.json b/doc/json/incident.json
index d5e76950..bb612fab 100644
--- a/doc/json/incident.json
+++ b/doc/json/incident.json
@@ -36,7 +36,7 @@
},
"severity" : "Critical",
"short_description" : "string",
- "short_id" : 10,
+ "short_id" : "string",
"source" : "string",
"source_uri" : "string",
"status" : "Closed",
diff --git a/doc/structures/bundle.md b/doc/structures/bundle.md
index 84bb6864..615f98b1 100644
--- a/doc/structures/bundle.md
+++ b/doc/structures/bundle.md
@@ -4467,7 +4467,7 @@ A URL reference to an external resource.
|[scores](#propertyscores-incidentscoresobject)|*IncidentScores* Object|Used to indicate the severity or impact score of the threat represented by the incident.||
|[severity](#propertyseverity-severitystring)|SeverityString|Represents the potential impact of an incident on an organization's security posture and business operations. It helps organizations prioritize and allocate resources for incident response based on the severity level of the incident It helps analysts and incident handlers prioritize incidents by indicating the level of risk and potential impact associated with the incident. This enables organizations to allocate resources efficiently and address the most critical incidents first. Can also be used to generate reports and metrics for measuring the effectiveness of the incident response process and to identify trends and patterns in the threat landscape. It is important to note that the `severity` field is subjective and can be interpreted differently by different organizations or analysts. Therefore, it should be used in conjunction with other intelligence attributes, such as the `confidence` field, to provide a more comprehensive view of the incident.||
|[short_description](#propertyshort_description-medstringstring)|MedStringString|A single line, short summary of the object.||
-|[short_id](#propertyshort_id-integer)|Integer|A sequential, human-readable identifier for the incident, unique within an organization.||
+|[short_id](#propertyshort_id-shortstringstring)|ShortStringString|A human-readable, short identifier for the incident, unique within an organization.||
|[source](#propertysource-medstringstring)|MedStringString|Represents the source of the intelligence that led to the creation of the entity.||
|[source_uri](#propertysource_uri-string)|String|URI of the source of the intelligence that led to the creation of the entity.||
|[tactics](#propertytactics-shortstringstringlist)|ShortStringString List|Represents the offensive techniques, approaches, or procedures that an adversary may use to achieve their objectives during an attack. It helps in understanding the intent and capabilities of the adversary and can be used to identify indicators of attack (IoAs) or indicators of compromise (IoCs) that are associated with the adversary's tactics.||
@@ -4777,15 +4777,15 @@ A single line, short summary of the object.
* *MedString* String with at most 2048 characters.
-
-## Property short_id ∷ Integer
+
+## Property short_id ∷ ShortStringString
-A sequential, human-readable identifier for the incident, unique within an organization.
+A human-readable, short identifier for the incident, unique within an organization.
* This entry is optional
- * Zero, or a positive integer.
+ * *ShortString* String with at most 1024 characters.
## Property source ∷ MedStringString
diff --git a/doc/structures/casebook.md b/doc/structures/casebook.md
index 1f37b0d4..2d726d7d 100644
--- a/doc/structures/casebook.md
+++ b/doc/structures/casebook.md
@@ -11414,7 +11414,7 @@ A URL reference to an external resource.
|[scores](#propertyscores-incidentscoresobject)|*IncidentScores* Object|Used to indicate the severity or impact score of the threat represented by the incident.||
|[severity](#propertyseverity-severitystring)|SeverityString|Represents the potential impact of an incident on an organization's security posture and business operations. It helps organizations prioritize and allocate resources for incident response based on the severity level of the incident It helps analysts and incident handlers prioritize incidents by indicating the level of risk and potential impact associated with the incident. This enables organizations to allocate resources efficiently and address the most critical incidents first. Can also be used to generate reports and metrics for measuring the effectiveness of the incident response process and to identify trends and patterns in the threat landscape. It is important to note that the `severity` field is subjective and can be interpreted differently by different organizations or analysts. Therefore, it should be used in conjunction with other intelligence attributes, such as the `confidence` field, to provide a more comprehensive view of the incident.||
|[short_description](#propertyshort_description-medstringstring)|MedStringString|A single line, short summary of the object.||
-|[short_id](#propertyshort_id-integer)|Integer|A sequential, human-readable identifier for the incident, unique within an organization.||
+|[short_id](#propertyshort_id-shortstringstring)|ShortStringString|A human-readable, short identifier for the incident, unique within an organization.||
|[source](#propertysource-medstringstring)|MedStringString|Represents the source of the intelligence that led to the creation of the entity.||
|[source_uri](#propertysource_uri-string)|String|URI of the source of the intelligence that led to the creation of the entity.||
|[tactics](#propertytactics-shortstringstringlist)|ShortStringString List|Represents the offensive techniques, approaches, or procedures that an adversary may use to achieve their objectives during an attack. It helps in understanding the intent and capabilities of the adversary and can be used to identify indicators of attack (IoAs) or indicators of compromise (IoCs) that are associated with the adversary's tactics.||
@@ -11724,15 +11724,15 @@ A single line, short summary of the object.
* *MedString* String with at most 2048 characters.
-
-## Property short_id ∷ Integer
+
+## Property short_id ∷ ShortStringString
-A sequential, human-readable identifier for the incident, unique within an organization.
+A human-readable, short identifier for the incident, unique within an organization.
* This entry is optional
- * Zero, or a positive integer.
+ * *ShortString* String with at most 1024 characters.
## Property source ∷ MedStringString
diff --git a/doc/structures/incident.md b/doc/structures/incident.md
index 6b45d5e1..5af00ce4 100644
--- a/doc/structures/incident.md
+++ b/doc/structures/incident.md
@@ -30,7 +30,7 @@
|[scores](#propertyscores-incidentscoresobject)|*IncidentScores* Object|Used to indicate the severity or impact score of the threat represented by the incident.||
|[severity](#propertyseverity-severitystring)|SeverityString|Represents the potential impact of an incident on an organization's security posture and business operations. It helps organizations prioritize and allocate resources for incident response based on the severity level of the incident It helps analysts and incident handlers prioritize incidents by indicating the level of risk and potential impact associated with the incident. This enables organizations to allocate resources efficiently and address the most critical incidents first. Can also be used to generate reports and metrics for measuring the effectiveness of the incident response process and to identify trends and patterns in the threat landscape. It is important to note that the `severity` field is subjective and can be interpreted differently by different organizations or analysts. Therefore, it should be used in conjunction with other intelligence attributes, such as the `confidence` field, to provide a more comprehensive view of the incident.||
|[short_description](#propertyshort_description-medstringstring)|MedStringString|A single line, short summary of the object.||
-|[short_id](#propertyshort_id-integer)|Integer|A sequential, human-readable identifier for the incident, unique within an organization.||
+|[short_id](#propertyshort_id-shortstringstring)|ShortStringString|A human-readable, short identifier for the incident, unique within an organization.||
|[source](#propertysource-medstringstring)|MedStringString|Represents the source of the intelligence that led to the creation of the entity.||
|[source_uri](#propertysource_uri-string)|String|URI of the source of the intelligence that led to the creation of the entity.||
|[tactics](#propertytactics-shortstringstringlist)|ShortStringString List|Represents the offensive techniques, approaches, or procedures that an adversary may use to achieve their objectives during an attack. It helps in understanding the intent and capabilities of the adversary and can be used to identify indicators of attack (IoAs) or indicators of compromise (IoCs) that are associated with the adversary's tactics.||
@@ -340,15 +340,15 @@ A single line, short summary of the object.
* *MedString* String with at most 2048 characters.
-
-## Property short_id ∷ Integer
+
+## Property short_id ∷ ShortStringString
-A sequential, human-readable identifier for the incident, unique within an organization.
+A human-readable, short identifier for the incident, unique within an organization.
* This entry is optional
- * Zero, or a positive integer.
+ * *ShortString* String with at most 1024 characters.
## Property source ∷ MedStringString
diff --git a/src/ctim/examples/incidents.cljc b/src/ctim/examples/incidents.cljc
index 91f83764..9a67539f 100644
--- a/src/ctim/examples/incidents.cljc
+++ b/src/ctim/examples/incidents.cljc
@@ -42,7 +42,7 @@
:discovery_method "Log Review"
:promotion_method "Manual"
:intended_effect "Extortion"
- :short_id 1
+ :short_id "1"
:scores {:asset 5
:ttp 98}
:meta {:string "this description was generated by a very smart algorithm"
diff --git a/src/ctim/schemas/incident.cljc b/src/ctim/schemas/incident.cljc
index eb9ccf5a..9235952f 100644
--- a/src/ctim/schemas/incident.cljc
+++ b/src/ctim/schemas/incident.cljc
@@ -169,8 +169,8 @@
(f/entry :techniques [c/ShortString]
:description (str "Represents the specific methods or actions used by an attacker "
"to carry out an offensive maneuver or achieve their goals."))
- (f/entry :short_id c/PosInt
- :description "A sequential, human-readable identifier for the incident, unique within an organization.")))
+ (f/entry :short_id c/ShortString
+ :description "A human-readable, short identifier for the incident, unique within an organization.")))
(def-entity-type NewIncident
"For submitting a new Incident."
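Review bot: The new `(f/entry :short_id c/ShortString ...)` accepts any text up to the ShortString limit (1024 characters per the regenerated docs), so a field that used to hold a non-negative integer is now free-form input with no format constraint, and the description still promises uniqueness within an organization that nothing visible in this schema enforces. Consumers that sort on it, place it in URLs or search queries, or render it in case views and reports should treat it as untrusted text and encode it for the context it lands in. Stored incidents whose `short_id` is an integer will presumably fail validation against the new type, and no migration or coercion step is visible in this diff. I would state the contract in the entry itself, e.g. `:description "A human-readable, short identifier for the incident, unique within an organization. Free-form text; not guaranteed to be numeric or sequential."`. The enclosing schema form starts before this hunk, so any constraint applied elsewhere is not visible here.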