OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Secu

 View Only
  • 1.  Security considerations

    Posted 04-05-2021 02:06
    All, I added the follow statements to the security considerations section to address the addition of digital signatures. Please review . CACAO specifies the use of digital signature technology that is based on concepts from JWS [RFC7515], JWK [RFC7517], and relies on JCS [RFC8785]. In addition to the security considerations defined in section 10 of JWS, section 9 of JWK, and section 5 of JCS, implementers should carefully consider and verify any digital certificate that is delivered via the CACAO Playbook itself to ensure that it is coming from the identity that it claims to come from. Bret