OASIS-openc2@ConnectedCommunity.org
Contacts
Chair: Duncan Sparrell, sFractal Consulting LLC
duncan@sfractal.com
Chair: Michael Rosa, National Security Agency
mjrosa@cyber.nsa.gov
OASIS Staff Contact: Kelly Cullinane
kelly.cullinane@oasis-open.org
Charter
The OpenC2 TC charter is available here. The OpenC2 TC was established in June 2017. The charter was reviewed and clarified in March 2021; it will be reviewed again in March 2025.
Description
Creating a standardized language for the command and control of technologies that provide or support cyber defenses.
Announcements
Information Modeling with JADN Version 1.0 is now approved as a Committee Note. A link can be found in Technical Work Produced by the Committee. (26 April 2023)
OpenC2 Architecture Specification v1.0 is now approved as a Committee Specification. A link can be found in Technical Work Produced by the Committee. (30 September 2022)
Specification for Transfer of OpenC2 Messages via HTTPS v1.1 is now approved as a Committee Specification. See the details in the announcement. (30 November 2021)
Specification for Transfer of OpenC2 Messages via MQTT Version 1.0 is now approved as a Committee Specification. See the details in the announcement. (19 November 2021)
A high level overview of OpenC2 featuring insights from the Technical Director of NSA's Capabilities Directorate can be viewed at OpenC2 Overview (YouTube).
Specification for JSON Abstract Data Notation (JADN) Version 1.0 has been approved and released as Committee Specification 01. Information can be found in the announcement. (17 August 2021)
The TC's three specifications were approved as OASIS Committee Specifications in July 2019:
- Open Command and Control (OpenC2) Language Specification Version 1.0,
- Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0, and
- Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0
For more information, see the announcement.
A minor update to the Language Specification was approved in November 2019, so its current version is v1.0 CS02. The announcement for that update can be found here.
See press release: "International Community Comes Together at OASIS to Advance OpenC2 Standard for Automated Defense Against Cyber-Attacks."
You may join the OASIS OpenC2 TC at any time. Contact join@oasis-open.org for more information.
Overview
OpenC2 is a suite of specifications to enable command and control (C2) of cyber defense systems and components. OpenC2 is defined across a family of specifications of several types:
- The OpenC2 Architecture Specification describes the fundamental structures of OpenC2 and provides a blueprint for developing Actuator Profiles and Transfer Specifications.
- The OpenC2 Language Specification provides the semantics for the essential elements of the language, the structure for Commands and Responses, and the schema that defines the proper syntax for the language elements that represent the Command or Response. The Language Specification also defines the mechanisms for extending the OpenC2 language.
- OpenC2 Actuator Profiles specify the subset of the OpenC2 language relevant in the context of specific actuator functions. Cyber defense components, devices, systems and/or instances may (in fact are likely to) implement multiple profiles. A profile refines the meaning of language elements (actions, targets, command arguments, results) used to perform the actuator function, and often defines additional elements that are relevant and/or unique to that function.
- OpenC2 Transfer Specifications utilize existing protocols and standards to implement OpenC2 message transfer in specific environments. These standards are used for communications and security functions beyond the scope of the language, such as message transfer encoding, authentication, and end-to-end transport of OpenC2 Messages.
OpenC2 published specifications are listed under Technical Work Produced by the Committee. For more information on the OpenC2 TC, see the TC Charter.
OpenC2 TC standing rules can be found under Additional Information.
The TC uses GitHub for work product development and general operations. The TC Operations repository contains documents that outline the TC's operating conventions.
TC Liaisons
No TC Liaisons have been announced for this TC.
TC Tools and Approved Publications
- OASIS Library for Approved Publications
- Version Control (GitHub Repositories):
- openc2-cacao-ext - Developing an OASIS Committee Specification for an extension that builds on existing CACAO v2.0 OpenC2 support to improve modularity and utilize the current OpenC2 Transfer Specifications for MQTT (v1.0) and HTTPS (v1.1).
- openc2-cn-apdev - Developing an OASIS Committee Note describing a process for developing OpenC2 Actuator Profiles (APs), including the use of the JSON Abstract Data Notation (JADN) information modeling language in the development of APs.
- openc2-ap-hunt - A GitHub to define an actuator profile to automate management of cyber threat hunting activities using OpenC2.
- openc2-ap-pac - A GitHub to focus on developing an Actuator Profile for security Posture Attribute Collection.
- openc2-ap-swup - A GitHub to focus on the use of OpenC2 to issue commands and parse responses to devices (virtual or physical) whose software can be updated.
- openc2-ap-lc - A GitHub to focus on the use of OpenC2 to issue commands to and parse responses from systems that generate events such as system log, application log, or error log messages
- openc2-ap-av - A GitHub to focus on the use of OpenC2 to issue commands and parse responses to hardware or software that can control an anti-virus engine.
- openc2-ap-pf - A GitHub to focus on the use of OpenC2 to issue commands and parse responses to hardware or software that can control administrative policies regarding network packets.
- openc2-ap-edr - Defining Actions, Targets, Specifiers and Options that are consistent with the version 1.0 of the OpenC2 Language Specification in the context of command and control of various endpoint detection and response technologies.
- openc2-ap-ids - Developing a concise and extensible language to enable the command and control of cyber defense components.
- openc2-cloudpubsub - Supporting work on a Committee Note that provides an overview of members' experience using Google Cloud Platform (GCP) Pub/Sub messaging to transfer OpenC2 messages.
- openc2-transf-http - Supporting TC members' work on a formal specification that describes the use of HTTP as a transfer mechanism for OpenC2 messages.
- openc2-tc-ops - Documentation associated with TC operations and information sharing such as FAQs, lists of links to related work, and norms for developing and approving TC work products. Given the intent of the repo we are making all co-chairs maintainers
- openc2-ap-sfpf - This repository is focused on the use of OpenC2 to issue commands and parse responses to a firewall.
- openc2-jadn - Specifying a vocabulary to describe the meaning of structured data, to provide hints for user interfaces working with structured data, and to make assertions about what a valid instance must look like.
- openc2-jadn-im - Describes the use of information models (IMs), explains how to construct IMs using JADN, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies.
- openc2-transf-odxl - This specification describes the use of the Open Data Exchange Layer (OpenDXL) as a transport mechanism for OpenC2 messages.
- openc2-transf-mqtt — This GitHub repository supports development of content and change tracking for the OpenC2 MQTT transfer specification as new working draft level revisions are created and the associated CSDs mature.
- openc2-impl-https - A repository used by TC members to propose and track changes to the OpenC2 HTTPS implementation specification.
- openc2-cap - A repository for use by TC members to collaborate on development of OpenC2 "cap" profiles (custom actuator profiles).
- openc2-glossary — A repository to support development of an OpenC2 Glossary as one of the TC's chartered deliverables
Technical Work Produced by the Committee
The TC is actively developing several related specifications (the links below point to the latest available version of each specification in HTML format):
- OpenC2 Architecture Specification v1.0 — OpenC2 is a suite of specifications for Producers and Consumers to command and execute cyber defense functions. The OpenC2 Architecture Specification describes the fundamental structures of OpenC2 and provides a blueprint for developing Actuator Profiles and Transfer Specifications.
- OpenC2 Language Specification v1.0 — The OpenC2 Language Specification provides the semantics for the essential elements of the language, the structure for commands and responses, and the schema that defines the proper syntax for the language elements that represent the command or response. OpenC2 Language Specification became a Committee Specification (CS01) 11 July 2019. CS02 of the Language Specification was approved on 24 November 2019 and is the current version.
- Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1 - OpenC2 transfer specifications utilize existing protocols and standards to implement OpenC2 in specific environments. This specification specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages. A Testing conformance target is provided to support interoperability testing without security mechanisms. Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1 became a Committee Specification 30 November 2021.
- Specification for Transfer of OpenC2 Messages via MQTT Version 1.0 - OpenC2 transfer specifications utilize existing protocols and standards to implement OpenC2 in specific environments. This specification describes the use of MQTT Version 5.0, a widely-used publish / subscribe (pub/sub) transfer protocol, as a transfer mechanism for OpenC2 messages. Specification for Transfer of OpenC2 Messages via MQTT became a Committee Specification 19 November 2021.
- Open Command and Control (OpenC2) Profile for Stateless Packet Filtering v1.0 — OpenC2 Actuator Profiles specify the subset of the OpenC2 language relevant in the context of specific actuator functions. This actuator profile specifies the set of actions, targets, specifiers, and command arguments that integrates Stateless Packet Filtering functionality with the Open Command and Control (OpenC2) command set. OpenC2 Profile for Stateless Packet Filtering v1.0 became a Committee Specification 11 July 2019.
- Specification for Transfer of OpenC2 Messages via HTTPS v1.0 — OpenC2 transfer specifications utilize existing protocols and standards to implement OpenC2 in specific environments. This specification describes the use of HTTP over TLS as a transfer mechanism for OpenC2 messages. Specification for Transfer of OpenC2 Messages via HTTPS became a Committee Specification 11 July 2019.
In addition to the above OpenC2 specifications, JSON Abstract Data Notation Version 1.0 defines a UML-based information modeling language that defines data structure independently of data format. Information models are used to define and generate physical data models, validate information instances, and enable lossless translation across data formats. A JADN specification consists of two parts: type definitions that comprise the information model, and serialization rules that define how information instances are represented as data. The information model is itself an information instance that can be serialized and transferred between applications. The model is documented using a compact and expressive interface definition language, property tables, or entity relationship diagrams, easing integration with existing design processes and architecture tools. While developed by the OpenC2 TC, JADN is applicable to a broad range of information modeling applications.
The TC has published a Committee Note, Information Modeling with JADN Version 1.0, as a companion to the JADN Specification. This Committee Note describes the use of IMs, explains how to construct IMs using JADN, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies.
OASIS TC Open Repositories Sponsored by the Committee
The OpenC2 TC sponsors a collection of open source code repositories; you can view a list on GitHub (sorted by most recent update). Here is a brief summary of the repositories:
- openc2-oif-obo - A GitHub repository to support implementing the OIF Bridge Orchestrator (OBO), an OpenC2 Integration Framework (OIF) product that can be configured as an intermediate producer-consumer.
- openc2-lycan-elixir - A GitHub for developing a collection of applications and libraries, coded in Elixir, a language that runs on the BEAM virtual machine, for the purpose of implementing OpenC2.
- openc2-iosacl-adapter - A GitHub for a prototype implementation in R to transform between OpenC2 and Cisco IOS formats. The adapter supports access control list (ACL) management.
- openc2-custom-aps - A GitHub public repository for collaboratively developing OpenC2 Custom Actuator Profiles
- openc2-lycan-python — A GitHub public repository for development of a python library to transform between data-interchange formats (such as JSON) and python language objects
- openc2-lycan-java — A GitHub public repository for development of a java library to transform between data-interchange formats (such as JSON) and java language objects
- openc2-lycan-beam — Developing a collection of applications and libraries, coded in languages that run on the BEAM virtual machine (e.g., erlang, elixir), for the purpose of implementing OpenC2
- openc2-compatibility — Supporting the capture of OpenC2 core design principles and development of implementation guidelines so that implementers can agree on language and protocols to build interoperable systems
- openc2-ocas — OpenC2 API Simulator erlang/OTP application designed to demonstrate and exercise the OpenC2 specification
- openc2-yuuki — Yuuki is a python package for building an OpenC2 proxy using multiple dispatch on type with updating of actuators without interrupting the operations of the orchestrator or other actuators
- openc2-pub-sub-on-bsd — A prototype reference implementation that demonstrates OpenC2 working within a pub/sub environment
- openc2-jadn — Supports Development and maintenance of JADN (JSON Abstract Data Notation), a JSON document format for defining abstract schemas
- openc2-orchid — OpenC2 proxy built in Django to provide a simple, modular API accepting OpenC2 commands and converting them into Python actions
- openc2-iacd — Supports development of a Java OpenC2 implementation which implements fifteen OpenC2 actions issued to nine actuators
- openc2-reactor-master — A feedback-driven GUI master/actuator orchestration framework for the OpenC2 language, written in Python
- openc2-reactor-relay — A simple, modular API for accepting OpenC2 commands and converting them into Python actions
Expository Work Produced by the Committee
There are no approved expository work products for this TC yet.
External Resources
Additional information about OpenC2 can be found at the OpenC2.org website, including an overview of the project's goals, an FAQ, a detailed publication history for the TC's work products, recent OpenC2 news and links to many OpenC2-related efforts.
Discussion Lists and Comments
As with all OASIS Technical Committees, OpenC2 has two discussion lists: one for communications among TC members and a publicly-available list to submit comments on OpenC2 work products.
- The openc2 discussion list is used by TC members to conduct committee work. TC membership is required to post, and all OpenC2 TC members are automatically subscribed (NOTE: only TC members can view this roster). The TC discussion list is publicly viewable but non-members cannot contribute to it.
- The openc2-comment list is a separate discussion list operated by OASIS for non-members to submit feedback on the technical work of the OASIS OpenC2 TC. Non-TC-members must join the comment list (an OASIS community platform account is required but OASIS membership is not necessary) in order to be able to post comments.
Both the TC discussion list and the public comment list maintain history starting from the founding of the OpenC2 TC in June 2017. Due to OASIS' shift to its new community platform in March 2024, information in older messages regarding the operation of the lists is no longer valid.
Press Coverage and Commentary
- "International Community Comes Together at OASIS to Advance OpenC2 Standard for Automated Defense Against Cyber-Attacks"; Anomali, Arbor Networks, Centripetal, Cisco, Cryptsoft, EclecticIQ, FireEye, ForeScout, Fornetix, FS-ISAC, G2, IBM, LookingGlass, McAfee, NC4, NEC, New Context, Phantom, Swimlane, Tanium, ThreatQuotient, U.S. DoD, U.S. NSA, U.S. NIST, and Others Define Open Command and Control (OpenC2); 5 Sept 2017
Standing Rules
The OpenC2 Technical Committee has adopted the following standing rules.
SR-1: Suspension Of Standing Rules For The Duration Of The Meeting
- The rules of OASIS or Robert's Rules of Order cannot be suspended as they are not standing rules and always apply.
- During the course of a meeting, a standing rule may be suspended for the duration of a meeting. A motion to suspend a standing rule is not debatable and must be called to question immediately.
- The rule will be suspended if any of the following criteria are met:
  - By a vote of 2/3 majority of the voting members present without prior notice
  - By a simple majority vote of the voting members present with prior notice
SR-2: CANCELLED
SR-3: Consideration Of Agenda Items For Committee Meetings
- All TC members may propose agenda items to the technical committee by providing a summary of the item to the Secretary no later than five days prior to the meeting.
- All agenda items are subject to the approval of the co-chairs.
SR-4: Election and Term of OpenC2 Co-chairs
- The Technical Committee (TC) shall elect two co-chairs for a 24 month term.
- The period of each co-chair shall be offset by 12 months.
- The TC shall hold open elections in the month of March during the regular business meeting.
- All TC members (to include the incumbent co-chairs whose terms are up) are eligible for nomination for an office.
- In the event of a vacancy (such as a co-chair stepping down prior to the conclusion of their term), a replacement will be elected to complete the term.
SR-5: Authority to Create CSD / PRD Ballots
The TC authorizes the TC co-chairs to submit a Working Draft document that has received consensus in working meetings and from the TC Co-Chairs for electronic ballot to be a Committee Specification Draft (with or without an accompanying Public Review).
SR-6: Multiple Sessions for TC Meetings
When separate sessions of a TC business meeting are conducted in a single day, those sessions shall be considered a single meeting for purposes of determining quorum, approving resolutions, maintaining voting rights, tracking actions, publishing minutes, and other routine TC business functions.
Standing rules 1-6 were last reviewed and updated as of April 2024.
SR-7: Approving Additional CSD/CND Documents
The TC authorizes work product editor(s) to publish additional versions of a CSD or CND either on a regular basis or at their discretion without additional motions, calls for consent, or ballots once the TC has approved an initial draft version by a Full Majority Vote. (Adopted Nov 2024)
SR-8: Approving Additional Public Reviews
The TC authorizes the chair(s) to open new public reviews with each CSD, CND, TRD release, on a regular basis, or at their discretion, without additional motions, calls for consent, or ballots once the TC has approved an initial draft version by a Full Majority Vote. (Adopted Nov 2024)
SR-9: Approving Editorial Changes
The TC authorizes the chair(s) and editor(s) in coordination with OASIS Admin to also make editorial changes during the publication process without requiring approval from the TC. (Adopted Nov 2024)