OASIS members and other interested parties, OASIS and the Open Command and Control (OpenC2) TC are pleased to announce that three specifications in the OpenC2 suite are now available for public review and comment. This is the second public review for these specifications: - Open Command and Control (OpenC2) Language Specification Version 1.0 - Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0 - Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0 OpenC2 is a suite of specifications to achieve command and control of cyber defense functions. These specifications include the OpenC2 Language Specification, Actuator Profiles, and Transfer Specifications. The OpenC2 Language Specification and Actuator Profile(s) focus on the standard at the producer and consumer of the command and response while the transfer specifications focus on the protocols for their exchange. - The OpenC2 Language Specification provides the semantics for the essential elements of the language, the structure for commands and responses, and the schema that defines the proper syntax for the language elements that represents the command or response. - OpenC2 Actuator Profiles specify the subset of the OpenC2 language relevant in the context of specific actuator functions. Cyber defense components may implement multiple actuator profiles. Actuator profiles extend the language by defining specifiers that identify the actuator to the required level of precision and may define command arguments for those actuator functions. "OpenC2 Profile for Stateless Packet Filtering" is the first OpenC2 Actuator Profile. - OpenC2 Transfer Specifications utilize existing protocols and standards to implement OpenC2 in specific environments. These standards are used for communications and security functions beyond the scope of the OpenC2 language, such as message transfer encoding, authentication, and end-to-end transport of OpenC2 messages. "Transfer of OpenC2 Messages via HTTPS" is the first OpenC2 Transfer Specification. Each specification would best be reviewed in the context of the overall suite of companion specifications. The documents and related files are available here: Open Command and Control (OpenC2) Language Specification Version 1.0 Committee Specification Draft 08 / Public Review Draft 02 04 April 2019 Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.md HTML:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.html PDF:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.pdf Complete ZIP package of specification documents and related files:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.zip ****** Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0 Committee Specification Draft 05 / Public Review Draft 02 04 April 2019 Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.md HTML:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.html PDF:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.pdf Complete ZIP package of specification documents and related files:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.zip ****** Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0 Committee Specification Draft 04 / Public Review Draft 02 04 April 2019 Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.md HTML:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.html PDF:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.pdf Complete ZIP package of specification documents and any related files:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.zip How to Provide Feedback The TC requests reviewers reference their comments to the page and nearest line numbers in the PDF versions. OASIS and the OpenC2 TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work. The public reviews start 13 April at 00:00 UTC and ends 27 April 2019 at 23:59 UTC. These specifications were previously submitted for public review, and the resolutions of all comments are included in log files [1]. This 15-day review is limited in scope to changes made from the previous review. Changes are also highlighted in red-lined PDF files [2]. Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC's "Send A Comment" page (
https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=openc2 ). Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/openc2-comment/ All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [3] applicable especially [4] to the work of this Technical Committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification. OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work. Additional information about the specifications and the OpenC2 TC can be found at the TC's public home page:
https://www.oasis-open.org/committees/openc2/ ========== Additional references: [1] Previous public review: - 30-day public review, 09 November 2018:
https://lists.oasis-open.org/archives/openc2/201811/msg00005.html - Comment resolution logs: OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd01/oc2ls-v1.0-csprd01-comment-resolution-log.pdf OpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd01/oc2slpf-v1.0-csprd01-comment-resolution-log.pdf Transfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd01/open-impl-https-v1.0-csprd01-comment-resolution-log.pdf [2] Red-lined PDF versions: OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02-DIFF.pdf OpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02-DIFF.pdf Transfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02-DIFF.pdf [3]
https://www.oasis-open.org/policies-guidelines/ipr [4]
https://www.oasis-open.org/committees/openc2/ipr.php https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode Non-Assertion Mode -- Paul Knight ... . Document Process Analyst ... mobile: +1 781-883-1783 OASIS - Advancing open standards for the information society