Thank you to everyone that has contributed to this work and helped get it to this significant milestone. Regards Allan Thomson CACAO Co-Chair. On Jan 15, 2021, at 10:33 AM, Paul Knight <
paul.knight@oasis-open.org > wrote: OASIS Members and other interested parties, OASIS is pleased to announce that CACAO Security Playbooks Version 1.0 from the OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC [1] has been approved as an OASIS Committee Specification. To defend against threat actors and their tactics, techniques, and procedures, organizations need to identify, create, document, and test detection, investigation, prevention, mitigation, and remediation steps. These steps, when grouped together, form a cyber security playbook that can be used to protect organizational systems, networks, data, and users. This specification defines the schema and taxonomy for cybersecurity playbooks and how cybersecurity playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions. This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation. The prose specifications and related files are available here: CACAO Security Playbooks Version 1.0 Committee Specification 01 12 January 2021 Editable source (Authoritative):
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.docx HTML:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.html PDF:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.pdf For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.zip Members of the CACAO TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above. Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work. ========== Additional references: [1] OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC
https://www.oasis-open.org/committees/cacao/ [2] Public review metadata document:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd02/security-playbooks-v1.0-csd02-public-review-metadata.html - Comment resolution log:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd02/security-playbooks-v1.0-csd02-comment-resolution-log.txt [3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3551 -- Paul Knight Document Process OASIS Open +1 781-883-1783
paul.knight@oasis-open.org www.oasis-open.org Attachment: signature.asc Description: Message signed with OpenPGP