Subject: Another OASIS Brand opportunity courtesy of US Gov
The Federal Register today contains https://www.federalregister.gov/documents/2023/10/03/2023-21328/federal-acquisition-regulation-cyber-threat-and-incident-reporting-and-information-sharing which proposes changes to Federal Acquisition Regulations (FAR), i.e. how the USG buys the $1T worth of things they buy each year.

There are several provisions in the proposed changes which benefit OASIS (or conversely which are made possible by OASIS standards) – the benefit to OASIS comes if we make sure people associate our work with our brand. Although not called out by name, STIX is crucial for the Security Incident Reporting changes to the FAR. Even if companies don’t report using STIX, the USG will need to convert them to STIX since they have already standardized on STIX for information sharing between USG and ISACs. Again, although not called out by name, CSAF is integral to being able to require the SBOMs and make use of them as specified by the new FAR regs.

I suggest OASIS staff have an OASIS response to the call for comments. Note all comments will be public and if nothing else it could be a brief marketing blurb to the non-gov readers of the comments. But more importantly, it will establish the OASIS brand with the USG readers of the comments.

I also recommend the board members liaise with their public affairs offices and gently influence their company comments. I expect most companies will comment against these changes, and how they will be costly, etc. I honestly believe they will benefit society at large – i.e. the costs will be worth it. Even if your company position is hostile to these changes, it might still be possible to get shoutouts to OASIS in it (e.g. “If you are going to make us do this, let’s all use a standard like OASIS STIX for sharing info and OASIS CSAF for sharing vulnerability info”).

--
Duncan Sparrell
sFractal Consulting
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/