OASIS Open Command and Control (OpenC2) TC

The International Telecommunications Union (ITU) is the United Nations agency charged with, among other things, standardizing telecommunications interfaces. They are divided into âStudy Groupsâ (SG) which
are a collection of âquestionsâ in a given area where a âquestionâ is roughly analogous to an OASIS TC. SG17 is the security SG and it next meets in Geneva, Switzerland 21-Jan to 30-Jan. I am a member of the US delegation and I will be attending a portion
of the meeting in Geneva.
 
One of the mandates to the ITU is to leverage (and not duplicate) the work done in other Standards Development Organizations (SDOâs). For example SG17 adopted Cybox and STIX from CTI (albeit they are still
on STIX 1). I volunteered to give a tutorial on OASIS to SG17 and it is scheduled for
8:30-9:20AM local time in Geneva on Thurs Jan 24.
 
In my tutorial, besides speaking on OASIS in general and on the fact that CTI has moved to STIX2 so maybe ITU should also, Iâll talk about OpenC2 for 2-3 slides. I havenât made them yet and I will circulate
a link to them to this list once I make them (probably at last instant). Iâd appreciate any pointers to existing slides and/or anyone who wants to help draft. And Iâd appreciate any help on the other OASIS topics (eg STIX2, SARIF, CSAF, KMIP, â.) as well.
 
Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at  http://vsre.info /
 

Duncan, I will be at that meeting as well.  I presented at the last ITU SG17 meeting on CTI and where are things are going with regards to security standards outside of the ITU and the ITU has since made a formal request to OASIS to adopt / wrap STIX and TAXII in ITU standards.  However, per Chet, OASIS does not allow this until a standard has reached the level of an actual "OASIS Standard". A CS (Committee Specification) level is not sufficient.  So for STIX and TAXII that are both at a CS level for 2.0, this is a problem.  We are looking to see if we can move those, of the soon to be released 2.1 versions to a full OASIS standard. Lets talk off list about getting together in Geneva to talk, I have lots I would like to talk with you about. Bret From: openc2@lists.oasis-open.org <openc2@lists.oasis-open.org> on behalf of duncan sfractal.com <duncan@sfractal.com> Sent: Tuesday, January 8, 2019 3:05:33 PM To: TC OpenC2 Subject: [EXT] [openc2] FYI OpenC2 in OASIS Tutorial at ITU SG17   The International Telecommunications Union (ITU) is the United Nations agency charged with, among other things, standardizing telecommunications interfaces. They are divided into “Study Groups” (SG) which are a collection of “questions” in a given area where a “question” is roughly analogous to an OASIS TC. SG17 is the security SG and it next meets in Geneva, Switzerland 21-Jan to 30-Jan. I am a member of the US delegation and I will be attending a portion of the meeting in Geneva.   One of the mandates to the ITU is to leverage (and not duplicate) the work done in other Standards Development Organizations (SDO’s). For example SG17 adopted Cybox and STIX from CTI (albeit they are still on STIX 1). I volunteered to give a tutorial on OASIS to SG17 and it is scheduled for 8:30-9:20AM local time in Geneva on Thurs Jan 24.   In my tutorial, besides speaking on OASIS in general and on the fact that CTI has moved to STIX2 so maybe ITU should also, I’ll talk about OpenC2 for 2-3 slides. I haven’t made them yet and I will circulate a link to them to this list once I make them (probably at last instant). I’d appreciate any pointers to existing slides and/or anyone who wants to help draft. And I’d appreciate any help on the other OASIS topics (eg STIX2, SARIF, CSAF, KMIP, ….) as well.   Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at  http://vsre.info /