OASIS Cyber Threat Intelligence (CTI) TC

Expand all | Collapse all

FYI about Draft RFCs: ISAO SO Documents Posted for Comment

  • 1.  FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-04-2016 13:03
    FYI, in case this was missed (I missed it initially): The ISAO SO has reached an important milestone. Volunteers came together in January with a common goal of producing useful guidelines for the creation and functioning of ISAOs. The Request for Comment (RFC) documents below span the range of topics represented by our six Standards Working Groups. While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate. Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines. Comments received by Friday, June 17th, will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents. Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. https://www.isao.org/products/drafts/ https://www.isao.org/drafts/isao-so-product-outline-v0-2/ https://www.isao.org/drafts/isao-startup-topics-v0-2/ https://www.isao.org/drafts/isao-capabilities-and-categories-v0-2/ https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ https://www.isao.org/drafts/privacy-v0-2/ https://www.isao.org/drafts/security-v0-2/ https://www.isao.org/drafts/support-intake-process-v0-2/ https://www.isao.org/drafts/government-programs-and-services-available-to-assist-isaos-v0-2/ https://www.isao.org/drafts/government-relations-considerations-v0-2/ =========== The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO), in partnership with the six established ISAO SO Standards Working Groups (SWG), has posted nine Request for Comment (RFC) documents reflecting our progress since the working groups were established four months ago.  This is the first iteration of draft products that will be used in the development of voluntary standards for ISAOs as they relate to Executive Order 13691.   The RFC documents span the range of topics represented by our six Standards Working Groups.  While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate.  Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines.  Comments can be submitted via our Draft Products page.  Additional questions can be directed to Contact@isao.org .   Comments received by Friday, June 17 th , will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents.  (Comments will be accepted after this date, but may not be reflected until later iterations of draft standards documents.)  Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. As part of our collaborative, transparent, and industry-driven process, the ISAO SO has scheduled a public meeting to discuss these draft documents and we encourage you to attend to share your views and shape the further development of these important products.  The open forum will be held May 19, 2016 , in Anaheim, California.  For additional information about the meeting, to make reservations, and to take advantage of discounted rates at the Hilton Anaheim, please visit our Event page at www.ISAO.org .    Please take time to review these draft products and share your thoughts and recommendations.  Hope to see you in Anaheim!   Regards, Rick Richard A. Lipsey Deputy Director ISAO Standards Organization -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783


  • 2.  Re: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-04-2016 13:28
    Any reason not to share this with the CTI TC? I doubt that everyone is following this closely. Unless of course there wouldn't be anything here of interest. Still, sharing it at least conveys "we think about you folks every day."  On Wed, May 4, 2016 at 9:02 AM, Robin Cover < robin@oasis-open.org > wrote: FYI, in case this was missed (I missed it initially): The ISAO SO has reached an important milestone. Volunteers came together in January with a common goal of producing useful guidelines for the creation and functioning of ISAOs. The Request for Comment (RFC) documents below span the range of topics represented by our six Standards Working Groups. While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate. Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines. Comments received by Friday, June 17th, will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents. Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. https://www.isao.org/products/drafts/ https://www.isao.org/drafts/isao-so-product-outline-v0-2/ https://www.isao.org/drafts/isao-startup-topics-v0-2/ https://www.isao.org/drafts/isao-capabilities-and-categories-v0-2/ https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ https://www.isao.org/drafts/privacy-v0-2/ https://www.isao.org/drafts/security-v0-2/ https://www.isao.org/drafts/support-intake-process-v0-2/ https://www.isao.org/drafts/government-programs-and-services-available-to-assist-isaos-v0-2/ https://www.isao.org/drafts/government-relations-considerations-v0-2/ =========== The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO), in partnership with the six established ISAO SO Standards Working Groups (SWG), has posted nine Request for Comment (RFC) documents reflecting our progress since the working groups were established four months ago.  This is the first iteration of draft products that will be used in the development of voluntary standards for ISAOs as they relate to Executive Order 13691.   The RFC documents span the range of topics represented by our six Standards Working Groups.  While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate.  Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines.  Comments can be submitted via our Draft Products page.  Additional questions can be directed to Contact@isao.org .   Comments received by Friday, June 17 th , will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents.  (Comments will be accepted after this date, but may not be reflected until later iterations of draft standards documents.)  Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. As part of our collaborative, transparent, and industry-driven process, the ISAO SO has scheduled a public meeting to discuss these draft documents and we encourage you to attend to share your views and shape the further development of these important products.  The open forum will be held May 19, 2016 , in Anaheim, California.  For additional information about the meeting, to make reservations, and to take advantage of discounted rates at the Hilton Anaheim, please visit our Event page at www.ISAO.org .    Please take time to review these draft products and share your thoughts and recommendations.  Hope to see you in Anaheim!   Regards, Rick Richard A. Lipsey Deputy Director ISAO Standards Organization -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393 


  • 3.  Re: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-04-2016 13:32
    > Any reason not to share this with the CTI TC? I'd think the TC members might be interested in this one, at least: 4. Cybersecurity-Related Information Sharing Guidelines v0.2 (SWG3) May 3, 2016 by The ISAO Standards Organization in Drafts, Information Sharing Drafts Request For Comment: Open May 3 - June 17, 2016 https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ The ISAO Standards Organization recognizes that not all new ISAOs may initially be able or desire to fully achieve these objectives. The information sharing guideline is structured to provide a new or existing ISAO with a context identifying outcomes to be considered when selecting and implementing its information sharing and collaboration efforts. In addition to a context framework and information uses, we also present a functional decomposition of possible ISAO information sharing activities. This guideline also offers a path to consider for maturing an ISAO’s information sharing capabilities. Note that the framework is conceptual as opposed to prescriptive, and its inclusion is meant to illustrate options rather than mandate them. On Wed, May 4, 2016 at 8:28 AM, Chet Ensign < chet.ensign@oasis-open.org > wrote: Any reason not to share this with the CTI TC? I doubt that everyone is following this closely. Unless of course there wouldn't be anything here of interest. Still, sharing it at least conveys "we think about you folks every day."  On Wed, May 4, 2016 at 9:02 AM, Robin Cover < robin@oasis-open.org > wrote: FYI, in case this was missed (I missed it initially): The ISAO SO has reached an important milestone. Volunteers came together in January with a common goal of producing useful guidelines for the creation and functioning of ISAOs. The Request for Comment (RFC) documents below span the range of topics represented by our six Standards Working Groups. While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate. Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines. Comments received by Friday, June 17th, will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents. Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. https://www.isao.org/products/drafts/ https://www.isao.org/drafts/isao-so-product-outline-v0-2/ https://www.isao.org/drafts/isao-startup-topics-v0-2/ https://www.isao.org/drafts/isao-capabilities-and-categories-v0-2/ https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ https://www.isao.org/drafts/privacy-v0-2/ https://www.isao.org/drafts/security-v0-2/ https://www.isao.org/drafts/support-intake-process-v0-2/ https://www.isao.org/drafts/government-programs-and-services-available-to-assist-isaos-v0-2/ https://www.isao.org/drafts/government-relations-considerations-v0-2/ =========== The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO), in partnership with the six established ISAO SO Standards Working Groups (SWG), has posted nine Request for Comment (RFC) documents reflecting our progress since the working groups were established four months ago.  This is the first iteration of draft products that will be used in the development of voluntary standards for ISAOs as they relate to Executive Order 13691.   The RFC documents span the range of topics represented by our six Standards Working Groups.  While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate.  Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines.  Comments can be submitted via our Draft Products page.  Additional questions can be directed to Contact@isao.org .   Comments received by Friday, June 17 th , will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents.  (Comments will be accepted after this date, but may not be reflected until later iterations of draft standards documents.)  Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. As part of our collaborative, transparent, and industry-driven process, the ISAO SO has scheduled a public meeting to discuss these draft documents and we encourage you to attend to share your views and shape the further development of these important products.  The open forum will be held May 19, 2016 , in Anaheim, California.  For additional information about the meeting, to make reservations, and to take advantage of discounted rates at the Hilton Anaheim, please visit our Event page at www.ISAO.org .    Please take time to review these draft products and share your thoughts and recommendations.  Hope to see you in Anaheim!   Regards, Rick Richard A. Lipsey Deputy Director ISAO Standards Organization -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393   -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783


  • 4.  Re: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-04-2016 18:05
        Chet, seems to me that we might make a broader ask of a larger group of committees.  but certainly CTI might care.  And they might care about many of those "draft" "standards," not just that one.      regards  Jamie On Wed, May 4, 2016 at 6:31 AM, Robin Cover < robin@oasis-open.org > wrote: > Any reason not to share this with the CTI TC? I'd think the TC members might be interested in this one, at least: 4. Cybersecurity-Related Information Sharing Guidelines v0.2 (SWG3) May 3, 2016 by The ISAO Standards Organization in Drafts, Information Sharing Drafts Request For Comment: Open May 3 - June 17, 2016 https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ The ISAO Standards Organization recognizes that not all new ISAOs may initially be able or desire to fully achieve these objectives. The information sharing guideline is structured to provide a new or existing ISAO with a context identifying outcomes to be considered when selecting and implementing its information sharing and collaboration efforts. In addition to a context framework and information uses, we also present a functional decomposition of possible ISAO information sharing activities. This guideline also offers a path to consider for maturing an ISAO’s information sharing capabilities. Note that the framework is conceptual as opposed to prescriptive, and its inclusion is meant to illustrate options rather than mandate them. On Wed, May 4, 2016 at 8:28 AM, Chet Ensign < chet.ensign@oasis-open.org > wrote: Any reason not to share this with the CTI TC? I doubt that everyone is following this closely. Unless of course there wouldn't be anything here of interest. Still, sharing it at least conveys "we think about you folks every day."  On Wed, May 4, 2016 at 9:02 AM, Robin Cover < robin@oasis-open.org > wrote: FYI, in case this was missed (I missed it initially): The ISAO SO has reached an important milestone. Volunteers came together in January with a common goal of producing useful guidelines for the creation and functioning of ISAOs. The Request for Comment (RFC) documents below span the range of topics represented by our six Standards Working Groups. While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate. Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines. Comments received by Friday, June 17th, will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents. Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. https://www.isao.org/products/drafts/ https://www.isao.org/drafts/isao-so-product-outline-v0-2/ https://www.isao.org/drafts/isao-startup-topics-v0-2/ https://www.isao.org/drafts/isao-capabilities-and-categories-v0-2/ https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ https://www.isao.org/drafts/privacy-v0-2/ https://www.isao.org/drafts/security-v0-2/ https://www.isao.org/drafts/support-intake-process-v0-2/ https://www.isao.org/drafts/government-programs-and-services-available-to-assist-isaos-v0-2/ https://www.isao.org/drafts/government-relations-considerations-v0-2/ =========== The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO), in partnership with the six established ISAO SO Standards Working Groups (SWG), has posted nine Request for Comment (RFC) documents reflecting our progress since the working groups were established four months ago.  This is the first iteration of draft products that will be used in the development of voluntary standards for ISAOs as they relate to Executive Order 13691.   The RFC documents span the range of topics represented by our six Standards Working Groups.  While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate.  Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines.  Comments can be submitted via our Draft Products page.  Additional questions can be directed to Contact@isao.org .   Comments received by Friday, June 17 th , will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents.  (Comments will be accepted after this date, but may not be reflected until later iterations of draft standards documents.)  Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. As part of our collaborative, transparent, and industry-driven process, the ISAO SO has scheduled a public meeting to discuss these draft documents and we encourage you to attend to share your views and shape the further development of these important products.  The open forum will be held May 19, 2016 , in Anaheim, California.  For additional information about the meeting, to make reservations, and to take advantage of discounted rates at the Hilton Anaheim, please visit our Event page at www.ISAO.org .    Please take time to review these draft products and share your thoughts and recommendations.  Hope to see you in Anaheim!   Regards, Rick Richard A. Lipsey Deputy Director ISAO Standards Organization -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393   -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783


  • 5.  Re: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-05-2016 21:04
    I'll go ahead and forward to the TC as an FYI.  On Wed, May 4, 2016 at 2:04 PM, Jamie Clark < jamie.clark@oasis-open.org > wrote:     Chet, seems to me that we might make a broader ask of a larger group of committees.  but certainly CTI might care.  And they might care about many of those "draft" "standards," not just that one.      regards  Jamie On Wed, May 4, 2016 at 6:31 AM, Robin Cover < robin@oasis-open.org > wrote: > Any reason not to share this with the CTI TC? I'd think the TC members might be interested in this one, at least: 4. Cybersecurity-Related Information Sharing Guidelines v0.2 (SWG3) May 3, 2016 by The ISAO Standards Organization in Drafts, Information Sharing Drafts Request For Comment: Open May 3 - June 17, 2016 https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ The ISAO Standards Organization recognizes that not all new ISAOs may initially be able or desire to fully achieve these objectives. The information sharing guideline is structured to provide a new or existing ISAO with a context identifying outcomes to be considered when selecting and implementing its information sharing and collaboration efforts. In addition to a context framework and information uses, we also present a functional decomposition of possible ISAO information sharing activities. This guideline also offers a path to consider for maturing an ISAO’s information sharing capabilities. Note that the framework is conceptual as opposed to prescriptive, and its inclusion is meant to illustrate options rather than mandate them. On Wed, May 4, 2016 at 8:28 AM, Chet Ensign < chet.ensign@oasis-open.org > wrote: Any reason not to share this with the CTI TC? I doubt that everyone is following this closely. Unless of course there wouldn't be anything here of interest. Still, sharing it at least conveys "we think about you folks every day."  On Wed, May 4, 2016 at 9:02 AM, Robin Cover < robin@oasis-open.org > wrote: FYI, in case this was missed (I missed it initially): The ISAO SO has reached an important milestone. Volunteers came together in January with a common goal of producing useful guidelines for the creation and functioning of ISAOs. The Request for Comment (RFC) documents below span the range of topics represented by our six Standards Working Groups. While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate. Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines. Comments received by Friday, June 17th, will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents. Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. https://www.isao.org/products/drafts/ https://www.isao.org/drafts/isao-so-product-outline-v0-2/ https://www.isao.org/drafts/isao-startup-topics-v0-2/ https://www.isao.org/drafts/isao-capabilities-and-categories-v0-2/ https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ https://www.isao.org/drafts/privacy-v0-2/ https://www.isao.org/drafts/security-v0-2/ https://www.isao.org/drafts/support-intake-process-v0-2/ https://www.isao.org/drafts/government-programs-and-services-available-to-assist-isaos-v0-2/ https://www.isao.org/drafts/government-relations-considerations-v0-2/ =========== The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO), in partnership with the six established ISAO SO Standards Working Groups (SWG), has posted nine Request for Comment (RFC) documents reflecting our progress since the working groups were established four months ago.  This is the first iteration of draft products that will be used in the development of voluntary standards for ISAOs as they relate to Executive Order 13691.   The RFC documents span the range of topics represented by our six Standards Working Groups.  While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate.  Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines.  Comments can be submitted via our Draft Products page.  Additional questions can be directed to Contact@isao.org .   Comments received by Friday, June 17 th , will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents.  (Comments will be accepted after this date, but may not be reflected until later iterations of draft standards documents.)  Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. As part of our collaborative, transparent, and industry-driven process, the ISAO SO has scheduled a public meeting to discuss these draft documents and we encourage you to attend to share your views and shape the further development of these important products.  The open forum will be held May 19, 2016 , in Anaheim, California.  For additional information about the meeting, to make reservations, and to take advantage of discounted rates at the Hilton Anaheim, please visit our Event page at www.ISAO.org .    Please take time to review these draft products and share your thoughts and recommendations.  Hope to see you in Anaheim!   Regards, Rick Richard A. Lipsey Deputy Director ISAO Standards Organization -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393   -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393 


  • 6.  Re: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-04-2016 18:03
    Thanks.  I am planning to drive down for this one, as it's local to me.  JBC On Wed, May 4, 2016, Robin Cover < robin@oasis-open.org > wrote: FYI, in case this was missed (I missed it initially): The ISAO SO has reached an important milestone. Volunteers came together in January with a common goal of producing useful guidelines for the creation and functioning of ISAOs. The Request for Comment (RFC) documents below span the range of topics represented by our six Standards Working Groups. While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate. Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines. Comments received by Friday, June 17th, will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents. Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. https://www.isao.org/products/drafts/ https://www.isao.org/drafts/isao-so-product-outline-v0-2/ https://www.isao.org/drafts/isao-startup-topics-v0-2/ https://www.isao.org/drafts/isao-capabilities-and-categories-v0-2/ https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ https://www.isao.org/drafts/privacy-v0-2/ https://www.isao.org/drafts/security-v0-2/ https://www.isao.org/drafts/support-intake-process-v0-2/ https://www.isao.org/drafts/government-programs-and-services-available-to-assist-isaos-v0-2/ https://www.isao.org/drafts/government-relations-considerations-v0-2/ =========== The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO), in partnership with the six established ISAO SO Standards Working Groups (SWG), has posted nine Request for Comment (RFC) documents reflecting our progress since the working groups were established four months ago.  This is the first iteration of draft products that will be used in the development of voluntary standards for ISAOs as they relate to Executive Order 13691.   The RFC documents span the range of topics represented by our six Standards Working Groups.  While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate.  Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines.  Comments can be submitted via our Draft Products page.  Additional questions can be directed to Contact@isao.org .   Comments received by Friday, June 17 th , will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents.  (Comments will be accepted after this date, but may not be reflected until later iterations of draft standards documents.)  Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. As part of our collaborative, transparent, and industry-driven process, the ISAO SO has scheduled a public meeting to discuss these draft documents and we encourage you to attend to share your views and shape the further development of these important products.  The open forum will be held May 19, 2016 , in Anaheim, California.  For additional information about the meeting, to make reservations, and to take advantage of discounted rates at the Hilton Anaheim, please visit our Event page at www.ISAO.org .    Please take time to review these draft products and share your thoughts and recommendations.  Hope to see you in Anaheim!   Regards, Rick Richard A. Lipsey Deputy Director ISAO Standards Organization -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783


  • 7.  Fwd: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-05-2016 21:07
    Members of the CTI TC,  I'm forwarding this email from Robin. The ISAO Standards Organization has released at set of draft documents with a request for comments, linked below. Please feel free to share these with others who may be interested.  Feel free to shoot us any questions.  Best regards,  /chet  ---------- Forwarded message ---------- From: Robin Cover < robin@oasis-open.org > Date: Wed, May 4, 2016 at 9:02 AM Subject: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment To: Staff BizDev < staff-bizdev@lists.oasis-open.org > Cc: Robin Cover < robin@oasis-open.org > FYI, in case this was missed (I missed it initially): The ISAO SO has reached an important milestone. Volunteers came together in January with a common goal of producing useful guidelines for the creation and functioning of ISAOs. The Request for Comment (RFC) documents below span the range of topics represented by our six Standards Working Groups. While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate. Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines. Comments received by Friday, June 17th, will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents. Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. https://www.isao.org/products/drafts/ https://www.isao.org/drafts/isao-so-product-outline-v0-2/ https://www.isao.org/drafts/isao-startup-topics-v0-2/ https://www.isao.org/drafts/isao-capabilities-and-categories-v0-2/ https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ https://www.isao.org/drafts/privacy-v0-2/ https://www.isao.org/drafts/security-v0-2/ https://www.isao.org/drafts/support-intake-process-v0-2/ https://www.isao.org/drafts/government-programs-and-services-available-to-assist-isaos-v0-2/ https://www.isao.org/drafts/government-relations-considerations-v0-2/ =========== The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO), in partnership with the six established ISAO SO Standards Working Groups (SWG), has posted nine Request for Comment (RFC) documents reflecting our progress since the working groups were established four months ago.  This is the first iteration of draft products that will be used in the development of voluntary standards for ISAOs as they relate to Executive Order 13691.   The RFC documents span the range of topics represented by our six Standards Working Groups.  While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate.  Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines.  Comments can be submitted via our Draft Products page.  Additional questions can be directed to Contact@isao.org .   Comments received by Friday, June 17 th , will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents.  (Comments will be accepted after this date, but may not be reflected until later iterations of draft standards documents.)  Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. As part of our collaborative, transparent, and industry-driven process, the ISAO SO has scheduled a public meeting to discuss these draft documents and we encourage you to attend to share your views and shape the further development of these important products.  The open forum will be held May 19, 2016 , in Anaheim, California.  For additional information about the meeting, to make reservations, and to take advantage of discounted rates at the Hilton Anaheim, please visit our Event page at www.ISAO.org .    Please take time to review these draft products and share your thoughts and recommendations.  Hope to see you in Anaheim!   Regards, Rick Richard A. Lipsey Deputy Director ISAO Standards Organization -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393 


  • 8.  Re: [cti] Fwd: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-06-2016 01:14
    Chet, A basic question.  Doesn't the Cybersecurity Information Sharing Act of 2015 as organic law (and in Europe, the NIS Directive) - both enacted into law in December - effectively supersede whatever role this ISOA SO contract effort was expected to play under the old EO?  The entity itself has no jurisdiction or authority.  Put another way, isn't the TC CTI itself fulfilling the principal purposes of the Act? Do any of these materials have anything substantive in them on which to comment?  Just an inquiring mind question. --tony On 2016-05-05 5:07 PM, Chet Ensign wrote: FYI, in case this was missed (I missed it initially):


  • 9.  Re: [cti] Fwd: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-06-2016 12:39
    Hi Tony - that's a good question - two actually.  I've copied Jamie. He may have a better feel for the interplay between the effects of the act and the ISAO. Since the DHS is continuing to fund the operation of the ISAO, I'm guessing it doesn't see it as superseded.  As to substantive, I am no expert. That's why I thought the best course of action was to share it with all of you. To me, on skimming, these look more like statements of principles and requirements. But I didn't want to assume that the material isn't relevant.  /chet On Thu, May 5, 2016 at 9:14 PM, Tony Rutkowski < tony@yaanatech.com > wrote: Chet, A basic question.  Doesn't the Cybersecurity Information Sharing Act of 2015 as organic law (and in Europe, the NIS Directive) - both enacted into law in December - effectively supersede whatever role this ISOA SO contract effort was expected to play under the old EO?  The entity itself has no jurisdiction or authority.  Put another way, isn't the TC CTI itself fulfilling the principal purposes of the Act? Do any of these materials have anything substantive in them on which to comment?  Just an inquiring mind question. --tony On 2016-05-05 5:07 PM, Chet Ensign wrote: FYI, in case this was missed (I missed it initially): -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393 


  • 10.  Re: [cti] Fwd: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-06-2016 13:23
      |   view attached
    Hi Chet, As we all know, it is difficult to stop funding when the activity is ensuing entirely on the basis of an Executive Order - even if it was perhaps not well considered, and now essentially superseded. It's worth noting Bob Dix's related blog posting on this subject on the AFEA site.  Bob is well known to those in the cyber security community over many years. http://www.afcea.org/content/?q=Blog-situational-awareness-will-inform-risk-management-decision-making Bob's observations are also relevant on the larger international stage where some of us are significantly engaged.  The European Union's NIS Directive is in many ways similar to the U.S. Cybersecurity Act, and most nations around the world have cybersecurity threat sharing initiatives. The continuance of a non-substantive isao.org activity creates confusion and is not helpful to reconciling common global cyber security information sharing needs.  Conversely, OASIS' TC CTI work is central to those needs - and is what deserves enhanced focus and resources. To put these admonitions into practice, attached is a presentation made at the most recent ETSI TC CYBER meeting that analyzes both the U.S. Act and the EU NIS to extract the articulated constructs, models, entities, interfaces, and information exchange expressions.   The objective is to facilitate convergence and the sharing of scarce global resources as the rapporteur for several related TC CYBER work items. best, tony On 2016-05-06 8:38 AM, Chet Ensign wrote: Hi Tony - that's a good question - two actually.  I've copied Jamie. He may have a better feel for the interplay between the effects of the act and the ISAO. Since the DHS is continuing to fund the operation of the ISAO, I'm guessing it doesn't see it as superseded.  As to substantive, I am no expert. That's why I thought the best course of action was to share it with all of you. To me, on skimming, these look more like statements of principles and requirements. But I didn't want to assume that the material isn't relevant.  /chet Attachment: CYBER(16)006022_Cyber_Threat_Sharing_Developments.pptx Description: application/vnd.openxmlformats-officedocument.presentationml.presentation


  • 11.  Re: [cti] Fwd: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

    Posted 05-06-2016 11:00
    For now I can find some interesting elements It seems there is some duplicate efforts with NIST SP 800-150 draft also open for comments, making review/comments for both harder :p Maybe an opportunity for collaboration  On Friday, 6 May 2016, Chet Ensign < chet.ensign@oasis-open.org > wrote: Members of the CTI TC,  I'm forwarding this email from Robin. The ISAO Standards Organization has released at set of draft documents with a request for comments, linked below. Please feel free to share these with others who may be interested.  Feel free to shoot us any questions.  Best regards,  /chet  ---------- Forwarded message ---------- From: Robin Cover < robin@oasis-open.org > Date: Wed, May 4, 2016 at 9:02 AM Subject: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment To: Staff BizDev < staff-bizdev@lists.oasis-open.org > Cc: Robin Cover < robin@oasis-open.org > FYI, in case this was missed (I missed it initially): The ISAO SO has reached an important milestone. Volunteers came together in January with a common goal of producing useful guidelines for the creation and functioning of ISAOs. The Request for Comment (RFC) documents below span the range of topics represented by our six Standards Working Groups. While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate. Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines. Comments received by Friday, June 17th, will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents. Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. https://www.isao.org/products/drafts/ https://www.isao.org/drafts/isao-so-product-outline-v0-2/ https://www.isao.org/drafts/isao-startup-topics-v0-2/ https://www.isao.org/drafts/isao-capabilities-and-categories-v0-2/ https://www.isao.org/drafts/cybersecurity-related-information-sharing-guidelines-v0-2/ https://www.isao.org/drafts/privacy-v0-2/ https://www.isao.org/drafts/security-v0-2/ https://www.isao.org/drafts/support-intake-process-v0-2/ https://www.isao.org/drafts/government-programs-and-services-available-to-assist-isaos-v0-2/ https://www.isao.org/drafts/government-relations-considerations-v0-2/ =========== The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO), in partnership with the six established ISAO SO Standards Working Groups (SWG), has posted nine Request for Comment (RFC) documents reflecting our progress since the working groups were established four months ago.  This is the first iteration of draft products that will be used in the development of voluntary standards for ISAOs as they relate to Executive Order 13691.   The RFC documents span the range of topics represented by our six Standards Working Groups.  While these documents are still in development, the ISAO SO is committed to providing early and ongoing opportunities for public comment and debate.  Your thoughtful inputs and constructive suggestions are important to the development of effective voluntary standards and guidelines.  Comments can be submitted via our Draft Products page.  Additional questions can be directed to Contact@isao.org .   Comments received by Friday, June 17 th , will be reviewed by the Standards Working Groups and adjudicated for inclusion or adjustment of the draft documents.  (Comments will be accepted after this date, but may not be reflected until later iterations of draft standards documents.)  Based on comments received, the ISAO SO may elect to post additional RFCs before final standards and guidelines are made available under the Published Products page. As part of our collaborative, transparent, and industry-driven process, the ISAO SO has scheduled a public meeting to discuss these draft documents and we encourage you to attend to share your views and shape the further development of these important products.  The open forum will be held May 19, 2016 , in Anaheim, California.  For additional information about the meeting, to make reservations, and to take advantage of discounted rates at the Hilton Anaheim, please visit our Event page at www.ISAO.org .    Please take time to review these draft products and share your thoughts and recommendations.  Hope to see you in Anaheim!   Regards, Rick Richard A. Lipsey Deputy Director ISAO Standards Organization -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393