OASIS-cti@ConnectedCommunity.org
Contacts
Chair: Alexandre Dulaunoy
CIRCL
alexandre.dulaunoy@circl.lu
Chair: Marlon Taylor
US Department of Homeland Security
marlon.taylor@cisa.dhs.gov
OASIS Staff Contact: Kelly Cullinane
OASIS
kelly.cullinane@oasis-open.org
Description
Supporting automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis
Group Notes
Table of Contents
Announcements
First STIX/TAXII 2.1 PlugFest Demonstrates Interoperability Between Cybersecurity Tools. Members of the CTI TC confirmed the multi-vendor interoperability of their CTI tools and verified their compliance with the STIX 2.1 and TAXII 2.1 Interoperability Test Documents. 15-17 June 2022
OriginBX Alliance for Digital Trade and STIX/TAXII Cybersecurity Standards Win Open Cup Awards. The Open Cup for Outstanding Approved Standard was awarded to STIX v2.1 & TAXII v2.1, two widely used cybersecurity standards that enable the automated exchange of cyber threat intelligence. 19 Jan 2022
The press release on STIX and TAXII's approval as OASIS Standards is available now. You can read it here.
STIX v2.1 and TAXII v2.1 OASIS Standards are approved and published
STIX Version 2.1 is approved as Committee Specification 02. This edition adds new objects and concepts and incorporates improvements based on experience implementing Version 2.0.
TAXII Version 2.1 is approved as a Committee Specification. A number of updates and additions have been added in response to testing and feedback. The list of major changes and additions can be found in Section 1.7.1.
OASIS Completes Second Successful Plugfest for STIX/TAXII 2 Interoperability: Cisco, Fujitsu, LookingGlass, NC4, New Context, U.S. DHS, and Others Participate in Event to Validate Threat Intelligence Sharing Standards. 29 June 2018
Cybersecurity Companies Demo Support for STIX and TAXII Standards for Automated Threat Intelligence Sharing at RSA 2018: Anomali, EclecticIQ, Fujitsu, Hitachi, IBM Security, New Context, NC4, ThreatQuotient, and TruSTAR Demo STIX and TAXII Support; 16 April 2018.
In TechRepublic video, Richard Struse of MITRE explains how STIX and TAXII give cyber defenders better weapons.
Sharing Cyber Threat Intelligence Just Got a Lot Easier. Learn about STIX and TAXII 2.0.
STIX and TAXII Version 2.0 are now approved and published OASIS Committee Specifications.
STIX and TAXII receive 2016 Open Standards Cup. Former CTI TC co-chair, Richard Struse of US Department of Homeland Security, was named Distinguished Contributor. See press release.
STIX, TAXII, and CybOX received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security. Congratulations to all CTI TC members.
Participation in the OASIS CTI TC is open to all interested parties. Contact join@oasis-open.org for more information.
Overview
The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. The CTI TC focuses on development and standardization of STIX (Structured Threat Information Expression) and TAXII (Trusted Automated Exchange of Indicator Information) under the OASIS open standards process.
The OASIS CTI Technical Committee will:
- define composable information sharing services for peer-to-peer, hub-and-spoke, and source subscriber threat intelligence sharing models
- develop standardized representations for campaigns, threat actors, incidents, tactics techniques and procedures (TTPs), indicators, exploit targets, observables, and courses of action
- develop formal models that allow organizations to develop their own standards-based sharing architectures to meet specific needs
For more information on the CTI TC, see the TC Charter.
Subcommittees
TC Tools and Approved Publications
Technical Work Produced by the Committee
OASIS TC Open Repositories Sponsored by the Committee
OASIS TC Open Repositories:
- cti-stix-slider: Supports development of a Python application to convert STIX 2.0 content to STIX 1.x content
External Resources
Although not produced by the OASIS CTI TC, the following information offers useful insights into its work:
Mailing Lists and Comments
cti: the discussion list used by CTI TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.
cti-publicmirror: a read-only public mirror of the CTI TC discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-publicmirror-subscribe@lists.oasis-open.org
cti-users: a public forum for asking questions, offering answers, and discussing topics of interest on STIX and TAXII. Users and developers of solutions that leverage those cybersecurity specifications are invited to participate. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-users-subscribe@lists.oasis-open.org. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org
cti-stix-publicmirror: a read-only public mirror of the CTI STIX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-stix-publicmirror-subscribe@lists.oasis-open.org
cti-taxii-publicmirror: a read-only public mirror of the CTI TAXII Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-taxii-publicmirror-subscribe@lists.oasis-open.org
cti-cybox-publicmirror: (LIST DEPRECATED) a read-only public mirror of the CTI CybOX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-cybox-publicmirror-subscribe@lists.oasis-open.org
cti-comment: a public mailing list for providing feedback on the technical work of the OASIS CTI TC. Send a comment or view the OASIS comment list archives, also mirrored by MarkLogic at MarkMail.org.
Press Coverage and Commentary
- OASIS Completes Second Successful Plugfest for STIX/TAXII 2 Interoperability: Cisco, Fujitsu, LookingGlass, NC4, New Context, U.S. DHS, and Others Participate in Event to Validate Threat Intelligence Sharing Standards. 29 June 2018
- Cybersecurity Companies Demo Support for STIX and TAXII Standards for Automated Threat Intelligence Sharing at RSA 2018: Anomali, EclecticIQ, Fujitsu, Hitachi, IBM Security, New Context, NC4, ThreatQuotient, and TruSTAR Demo STIX and TAXII Support; 16 April 2018.
- OASIS Completes 1st Successful Plugfest for STIX/TAXII 2 Interoperability: Anomali, Cisco, Fujitsu, IBM Security, LookingGlass Cyber Solutions, NC4, New Context, Phantom, and Others Participate in Event to Validate Threat IntellIgence Sharing Standards.
- RSA 2017 Features Huge Demonstration of Support for Cyber Threat Intelligence, Encryption, and Cryptography Standards as 24 OASIS Member Companies Collaborate. Bay Dynamics, DFLabs, EclecticIQ, Fujitsu, IBM, LookingGlass, New Context, NC4, ThreatConnect, ThreatQuotient, TruSTAR, and Verisign Demo STIX and TAXII Support. 13 Feb 2017
- STIX, TAXII, and CybOX receive 2016 Open Standards Cup; CTI TC co-chair, Richard Struse of US Department of Homeland Security, named Distinguished Contributor; 8 Aug 2016
- "United we stand: Protecting against cyber threats with standards for sharing"; OECD ITAC News, 27 Jul 2015
- "DHS Transitions STIX, TAXII and CybOX Standards to OASIS"; DarkMatters, 29 July 2015
- "OASIS Advances Automated Cyber Threat Intelligence Sharing with STIX, TAXII, CybOX"; Boeing, Check Point, Cisco, Dell, EMC, eSentire, Fortinet, Fujitsu, IBM, iboss, iSIGHT Partners, NEC, New Context, Palo Alto Networks, Resilient, Securonix, Soltra, TELUS, ThreatQuotient, ThreatStream, TruSTAR, US DHS Office of Cybersecurity and Communications, US NIST, ViaSat, and Others Collaborate on International Standards to Prevent and Defend Against Cyber Attack; 17 July 2015