I concur as well – the addition of IEP could greatly enhance our collective ability to specify, and comply with, policies for handling machine-readable CTI! From:
iep-sig-request@lists.first.org [mailto:
iep-sig-request@lists.first.org] On Behalf Of Merike Kaeo via iep-sig Sent: Tuesday, May 02, 2017 2:15 PM To: Carothers, Matt (CCI-Atlanta) Cc: Terry MacDonald;
cti-stix@lists.oasis-open.org;
iep-sig@first.org Subject: Re: [iep-sig] STIX 2.1: Adding IEP Framework to STIX 2.1 Thanks Matt. Any others who want to chime in? - merike On May 2, 2017, at 6:29 AM, Carothers, Matt (CCI-Atlanta) via iep-sig (via iep-sig Mailing List) <
iep-sig@lists.first.org > wrote: I’m a big fan of the IEP, and I’d like to see it included. - Matt From:
iep-sig-request@lists.first.org [ mailto:
iep-sig-request@lists.first.org ] On Behalf Of Terry MacDonald via iep-sig Sent: Monday, May 1, 2017 9:01 PM To:
cti-stix@lists.oasis-open.org ;
iep-sig@first.org Subject: Re: [iep-sig] STIX 2.1: Adding IEP Framework to STIX 2.1 Hi All, Just checking with everyone to see their thoughts on the suggestion to add IEP v2 to STIX 2.1. Does anyone at all have any objections to this being an additional method for producers to describe in greater detail what consumers can do with the data? People could still use TLP if they wished (although IEP includes TLP and a lot more besides). Cheers Terry MacDonald Chief Product Officer <image001.png> M: +64 211 918 814 E:
terry.macdonald@cosive.com W:
www.cosive.com On Sun, Apr 30, 2017 at 9:22 AM, Terry MacDonald <
terry.macdonald@cosive.com > wrote: Hi All, I've got an update on the FIRST Information Exchange Policy (IEP) Framework work currently being done within the FIRST IEP-SIG. For those of you who have never heard of IEP, it is a JSON based way for threat intel producers to inform recipients of how they are allowed to use the data threat intel they receive. It extends the Traffic Light Protocol (TLP) to fill a lot of the gaps, removing ambiguity when sharing information.. IEP version 2.0 differs from IEP version 1.0 in that it now allows threat intel to reference remote IEP policies. This allows communities to create a network accessible IEPJ file, and all threat intel to just reference that url. We plan on drafting some standard IEP policies to help kick start the process off. You can view more about the draft IEP Framework documents in the attached documentation: FIRST_IEP_Framework_2_20170418.pdf describes the IEP Framework at a high level FIRST_IEP_2_JSON_20170104.pdf describes the JSON implementation of the IEP Framework. We know that IEP would provide a lot of value to STIX 2.1, as it would clear up a lot of the confusion that recipients have regarding how they can use they data they receive. For this reason, we have created a draft STIX Data Marking object specifically for IEP, and we submit this to the community for inclusion in STIX 2.1. STIX2.1Proposal-InformationExchangePolicyMarkingObjectType.pdf describes our proposal in greater depth. Cheers Terry MacDonald Chief Product Officer <image001.png> M: +64 211 918 814 E:
terry.macdonald@cosive.com W:
www.cosive.com ___________________________________________________________ This is a FIRST restricted and confidential mailing list. Do not Forward, Cc, Bcc, copy or summarize this email outside of the FIRST community without the express permission of the content owner(s). FIRST.Org Lists ___________________________________________________________ Attachment: smime.p7s Description: S/MIME cryptographic signature