I attached the slides that were presented at the working session today. Based on the discussions today the following were concluded: 1. Impacts will be split into their own extension. I will present a proposal on this next week for the group to review. 2. Activities should be split from Incident as was initially proposed, but as a group we need to decide a name for these. Regardless of what we call them it is important that they be distinct from Courses of Action for defenders while allowing capturing of attacker, defender, and other types of actions / events / activities. Options brought up include: a. Incident Activity b. Activity c. Event d. Action //SIGNED// Jeffrey Mates, Civ DC3/TSD Computer Scientist Technical Solutions Development
jeffrey.mates@us.af.mil 410-694-4335 Attachment: STIX Incident Paths Forward.pdf Description: Adobe PDF document Attachment: smime.p7s Description: S/MIME cryptographic signature