OASIS Threat Actor Context (TAC) TC

 View Only



Chair: Ryan Hohimer, Cyber Threat Intelligence Network, Inc. (CTIN)

Chair: Vasileios Mavroeidis, University of Oslo

OASIS Staff Contact: Kelly Cullinane


Enabling semantic interoperability of threat actor contextual information.

Group Notes

Table of Contents


Participation in the OASIS Threat Actor Context (TAC) TC is open to all interested parties. Contact join@oasis-open.org for more information.

The first meeting of the Threat Actor Context TC was successfully held on Friday, November 22, 2019 at 1:00 PM ET. Ryan Hohimer of DarkLight, Inc. was unanimously elected Chair of the TC.

In the second meeting of the Threat Actor Context TC on Tuesday, January 21, 2020 at 10:00 AM ET, Vasileios Mavroeidis of University of Oslo was unanimously elected Co-Chair of the TC.

The call for participation is out. See the announcement for details.


Today, organizations that share cyber threat intelligence are confronted by multiple schemas and a plethora of nonstandardized and ambiguous vocabularies. These limit an organization's ability to strategically correlate and analyze attack data, which could lead to a better understanding of their adversary's goals, capabilities, and trends in targeting and techniques.

The TAC TC seeks to resolve ambiguity across different sources and solutions to support organizing what is known and sharing information about threat actors. The TC will establish a common knowledge framework that enables semantic interoperability of threat actor contextual information and develop standardized vocabularies for threat actor characterization.

For more information, see the Threat Actor Context (TAC) TC Charter.

Technical Work Produced by the Committee

The committee has not yet produced any technical work.

Other Work Produced by the Committee

The committee has not yet produced any other supporting work.


No subcommittees have been formed for this TC.

TC Liaisons

No TC Liaisons have been announced for this TC.

TC Tools

  • tac-ontology - Managing Ontology Web Language (OWL) representations of the Threat Actor Context Technical Committee's (TAC-TC) work.

OASIS Open Source Repositories Sponsored by the Committee

  • tac-ontology - Creating an ontology for expressing the rich context around Threat Actors.

  • tac-common-semantic-individuals - Collecting common semantic individuals to be used by consumers and producers of Cyber Threat Intelligence that use Ontology-based knowledge management systems or in particular the Threat Actor Context Ontology (TAC Ontology)

External Resources

No external resources address the work of the TC.

Mailing Lists and Comments

tac: the discussion list used by TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives.

tac-comment: a public mailing list for providing feedback on the technical work of the Threat Actor Context (TAC) TC. To send a comment, follow the instructions on the TC's public web page here or view the OASIS comment list archives.

Press Coverage and Commentary

Additional Information

Public Resources


Log in to see this information

Either the content you're seeking doesn't exist or it requires proper authentication before viewing.