Project news

Invitation to comment on STIX™ V2.1 and TAXII™ V2.1 before Call for Consent as OASIS Standards – ends April 23rd

The specifications, defining a free, open language for describing and exchanging cyber threat intelligence, enters the 60-day public review that precedes the call for consent as an OASIS Standard.

OASIS and the Cyber Threat Intelligence (CTI) TC [1] are pleased to announce that STIX™ Version 2.1 and TAXII™ Version 2.1 are now available for public review and comment. General information and background about these public reviews can be found in and

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence. STIX enables organizations and tools to share threat intelligence with one another in a way that improves many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

The TC received 3 Statements of Use from Accenture Security, Fujitsu, and New Context [2].

TAXII is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. it is specifically designed to support the exchange of CTI represented in STIX, but is not limited to STIX.

The TC received 5 Statements of Use from Fujitsu, Celerium, LookingGlass Cyber Solutions, Cyware Labs, and FreeTAXII [3]

The candidate specifications and related files are available here:

STIX™ Version 2.1
Committee Specification 02
25 January 2021

Editorial source (Authoritative):



TAXII™ Version 2.1
Committee Specification 01
27 January 2020

Editorial source (Authoritative):



For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP files at:



Public Review Period

The 60-day public reviews start 23 February 2021 at 00:00 UTC and end 23 April 2021 at 23:59 UTC.

This is an open invitation to comment. OASIS solicts feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility as explained in the instructions located via the button labeled “Send A Comment” at the top of the TC public home page, or directly at:

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with these public reviews of “STIX V2.1″ and “TAXII V2.1,” we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information

[1] OASIS Cyber Threat Intelligence (CTI) TC

[2] STIX statements of use

[3] TAXII statements of use


Non-Assertion Mode