Project news

Call for Consent for STIX v2.1 CS03 and TAXII v2.1 CS01 as OASIS Standards

Two key cybersecurity specifications put forward for approval as OASIS Standards

The OASIS Cyber Threat Intelligence (CTI) TC members [1] have approved submitting the following Committee Specifications to the OASIS Membership as candidates for OASIS Standard:

STIX Version 2.1
Committee Specification 03
21 May 2021

TAXII Version 2.1
Committee Specification 01
27 January 2020

This is a call to the primary or alternate representatives of OASIS Organizational Members to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however, your consent is assumed unless you register an objection [2]. To register an objection, you must:

1. Indicate your objection on this ballot, and

2. Provide a reason for your objection and/or a proposed remedy to the TC.

You may provide the reason in the comment box or by email to the Technical Committee on its comment mailing list or, if you are a member of the TC, to the TC’s mailing list [3]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent.

These Committee Specifications were approved by the Technical Committee and were submitted for the required 60-day public review [4]. STIX v2.1 CS 03 was produced with Non-Material Changes to correct errors reported during the 60-day public review. This was done in accordance with the procedures outlined in section 2.8.2 of the TC Process [5]. 

All requirements of the OASIS TC Process having been met [6][7], the candidates for OASIS Standard are now submitted to the voting representatives of OASIS Organizational Members.

Details

The Call for Consent opens on 28 May 2021 at 00:00 UTC and closes on 10 June 2021 at 23:59 UTC. You can access the ballot at:

Internal link for voting members: https://www.oasis-open.org/apps/org/workgroup/voting/ballot.php?id=3624

Publicly visible link: https://www.oasis-open.org/committees/ballot.php?id=3624

OASIS members should ensure that their organization’s voting representative responds according to the organization’s wishes. If you do not know who your organization’s voting representative is, go to the My Account page at

http://www.oasis-open.org/members/user_tools

then click the link for your Company (at the top of the page) and review the list of users for the name designated as “Primary”.

About STIX, TAXII, and the CTI TC

The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. The work was based initially on three specifications contributed by the US Department of Homeland Security (DHS) for development and standardization under the OASIS open standards process: STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence. STIX enables organizations and tools to share threat intelligence with one another in a way that improves many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

The TC received 11 Statements of Use from Accenture Security, Anomali, Avast Software s.r.o., CISA, DarkLight, Inc., EclecticIQ B.V., Fujitsu, IBM, New Context, SEKOIA, and Trend Micro [2].

TAXII is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. It is specifically designed to support the exchange of CTI represented in STIX, but is not limited to STIX.

The TC received 10 Statements of Use from Avast Software s.r.o., Celerium, CISA, Cyware Labs, EclecticIQ B.V., FreeTAXII, Fujitsu, SEKOIA, and Trend Micro [3].

During development of STIX v2.0, CybOX was merged into that work product. 

URIs

The specification documents and related files are available here:

STIX Version 2.1

Editable source (Authoritative):
https://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03.docx

HTML: 
https://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03.html

PDF:
https://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03.pdf

ZIP distribution file: 
https://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03.zip

TAXII Version 2.1

Editable source (Authoritative):
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.docx

HTML:
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.html

PDF: 
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.pdf

ZIP distribution file: 
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.zip

Additional information

[1] Cyber Threat Intelligence (CTI) TC

https://www.oasis-open.org/committees/cti/

TC IPR page

https://www.oasis-open.org/committees/cti/ipr.php

[2] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent

[3] CTI TC comment mailing list: cti-comment@lists.oasis-open.org 

You must be subscribed to send to this list. To subscribe, see https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cti.

CTI main mailing list: cti@lists.oasis-open.org

[4] Candidate for OASIS Standard Special Majority Votes:

Original ballot: https://www.oasis-open.org/committees/ballot.php?id=3570

Vote to approve STIX v2.1 CS02 with Non-Material Changes as CS02 and submit as a candidate for OASIS Standard: https://www.oasis-open.org/committees/ballot.php?id=3620

[5] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26/#OSpublicRev

– Red-lined DIFF file: http://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03-DIFF.pdf

[6] Public reviews:

* STIX v2.1 CS02

– 60-day public review, 22 Feb. 2021: 

https://lists.oasis-open.org/archives/members/202102/msg00007.html

  – Comment resolution log: 

    http://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02-comment-resolution-log.xlsx

– Prior public review metadata document, including timeline of previous public reviews:

  http://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02-public-review-metadata.html

* TAXII v2.1 CS01

– 60-day public review, 22 Feb. 2021: 

https://lists.oasis-open.org/archives/members/202102/msg00007.html

  – Comment resolution log: 

    http://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01-comment-resolution-log.txt

– Prior public review metadata document, including timeline of previous public reviews:

  http://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01-public-review-metadata.html

[7] Statements of Use:

STIX v2.1 CS02

– Accenture Security:

https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00006.html

– Anomali

https://lists.oasis-open.org/archives/cti/202103/msg00029.html

– Avast Software s.r.o.

https://lists.oasis-open.org/archives/cti/202103/msg00016.html

– CISA (Cybersecurity and Infrastructure Security Agency)

https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00022.html

– DarkLight, Inc

https://lists.oasis-open.org/archives/cti/202103/msg00015.html

– EclecticIQ B.V.

https://lists.oasis-open.org/archives/cti/202102/msg00027.html

– Fujitsu:

https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00005.html

– IBM

https://lists.oasis-open.org/archives/cti/202103/msg00036.html

– New Context:

https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202101/msg00027.html

– SEKOIA

https://lists.oasis-open.org/archives/cti/202102/msg00012.html

– Trend Micro

https://lists.oasis-open.org/archives/cti/202102/msg00021.html

TAXII v2.1 CS01

– Avast Software s.r.o.

https://lists.oasis-open.org/archives/cti/202104/msg00014.html

– Celerium:

https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202007/msg00002.html

– Cyware Labs:

https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202007/msg00033.html

– EclecticIQ B.V.

https://lists.oasis-open.org/archives/cti/202102/msg00027.html

– FreeTAXII 

https://lists.oasis-open.org/archives/cti/202101/msg00028.html

– Fujitsu

https://lists.oasis-open.org/archives/cti/202102/msg00005.html

– SEKOIA

https://lists.oasis-open.org/archives/cti/202102/msg00012.html

– Trend Micro

https://lists.oasis-open.org/archives/cti/202102/msg00021.html