
Call for Consent for STIX v2.1 CS03 and TAXII v2.1 CS01 as OASIS Standards
Two key cybersecurity specifications put forward for approval as OASIS Standards
The OASIS Cyber Threat Intelligence (CTI) TC members [1] have approved submitting the following Committee Specifications to the OASIS Membership as candidates for OASIS Standard:
STIX Version 2.1
Committee Specification 03
21 May 2021
TAXII Version 2.1
Committee Specification 01
27 January 2020
This is a call to the primary or alternate representatives of OASIS Organizational Members to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however, your consent is assumed unless you register an objection [2]. To register an objection, you must:
1. Indicate your objection on this ballot, and
2. Provide a reason for your objection and/or a proposed remedy to the TC.
You may provide the reason in the comment box or by email to the Technical Committee on its comment mailing list or, if you are a member of the TC, to the TC’s mailing list [3]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent.
These Committee Specifications were approved by the Technical Committee and were submitted for the required 60-day public review [4]. STIX v2.1 CS 03 was produced with Non-Material Changes to correct errors reported during the 60-day public review. This was done in accordance with the procedures outlined in section 2.8.2 of the TC Process [5].
All requirements of the OASIS TC Process having been met [6][7], the candidates for OASIS Standard are now submitted to the voting representatives of OASIS Organizational Members.
Details
The Call for Consent opens on 28 May 2021 at 00:00 UTC and closes on 10 June 2021 at 23:59 UTC. You can access the ballot at:
Internal link for voting members: https://www.oasis-open.org/apps/org/workgroup/voting/ballot.php?id=3624
Publicly visible link: https://www.oasis-open.org/committees/ballot.php?id=3624
OASIS members should ensure that their organization’s voting representative responds according to the organization’s wishes. If you do not know the name of your organization’s voting representative, go to the My Account page at
http://www.oasis-open.org/members/user_tools
then click the link for your Company (at the top of the page) and review the list of users for the name designated as “Primary”.
About STIX, TAXII, and the CTI TC
The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. The work was based initially on three specifications contributed by the US Department of Homeland Security (DHS) for development and standardization under the OASIS open standards process: STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).
Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence. STIX enables organizations and tools to share threat intelligence with one another in a way that improves many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.
The TC received 11 Statements of Use from Accenture Security, Anomali, Avast Software s.r.o., CISA, DarkLight, Inc., EclecticIQ B.V., Fujitsu, IBM, New Context, SEKOIA, and Trend Micro [2].
TAXII is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. It is specifically designed to support the exchange of CTI represented in STIX, but is not limited to STIX.
The TC received 10 Statements of Use from Avast Software s.r.o., Celerium, CISA, Cyware Labs, EclecticIQ B.V., FreeTAXII, Fujitsu, SEKOIA, and Trend Micro [3].
During development of STIX v2.0, CybOX was merged into that work product.
URIs
The specification documents and related files are available here:
STIX Version 2.1
Editable source (Authoritative):
https://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03.docx
HTML:
https://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03.html
PDF:
https://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03.pdf
ZIP distribution file:
https://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03.zip
TAXII Version 2.1
Editable source (Authoritative):
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.docx
HTML:
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.html
PDF:
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.pdf
ZIP distribution file:
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.zip
Additional information
[1] Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/
TC IPR page
https://www.oasis-open.org/committees/cti/ipr.php
[2] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent
[3] CTI TC comment mailing list: cti-comment@lists.oasis-open.org
You must be subscribed to send to this list. To subscribe, see https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cti.
CTI main mailing list: cti@lists.oasis-open.org
[4] Candidate for OASIS Standard Special Majority Votes:
Original ballot: https://www.oasis-open.org/committees/ballot.php?id=3570
Vote to approve STIX v2.1 CS02 with Non-Material Changes as CS02 and submit as a candidate for OASIS Standard: https://www.oasis-open.org/committees/ballot.php?id=3620
[5] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26/#OSpublicRev
– Red-lined DIFF file: http://docs.oasis-open.org/cti/stix/v2.1/cs03/stix-v2.1-cs03-DIFF.pdf
[6] Public reviews:
* STIX v2.1 CS02
– 60-day public review, 22 Feb. 2021:
https://lists.oasis-open.org/archives/members/202102/msg00007.html
– Comment resolution log:
http://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02-comment-resolution-log.xlsx
– Prior public review metadata document, including timeline of previous public reviews:
http://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02-public-review-metadata.html
* TAXII v2.1 CS01
– 60-day public review, 22 Feb. 2021:
https://lists.oasis-open.org/archives/members/202102/msg00007.html
– Comment resolution log:
http://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01-comment-resolution-log.txt
– Prior public review metadata document, including timeline of previous public reviews:
http://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01-public-review-metadata.html
[7] Statements of Use:
STIX v2.1 CS02
– Accenture Security:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00006.html
– Anomali
https://lists.oasis-open.org/archives/cti/202103/msg00029.html
– Avast Software s.r.o.
https://lists.oasis-open.org/archives/cti/202103/msg00016.html
– CISA (Cybersecurity and Infrastructure Security Agency)
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00022.html
– DarkLight, Inc
https://lists.oasis-open.org/archives/cti/202103/msg00015.html
– EclecticIQ B.V.
https://lists.oasis-open.org/archives/cti/202102/msg00027.html
– Fujitsu:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00005.html
– IBM
https://lists.oasis-open.org/archives/cti/202103/msg00036.html
– New Context:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202101/msg00027.html
– SEKOIA
https://lists.oasis-open.org/archives/cti/202102/msg00012.html
– Trend Micro
https://lists.oasis-open.org/archives/cti/202102/msg00021.html
TAXII v2.1 CS01
– Avast Software s.r.o.
https://lists.oasis-open.org/archives/cti/202104/msg00014.html
– Celerium:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202007/msg00002.html
– Cyware Labs:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202007/msg00033.html
– EclecticIQ B.V.
https://lists.oasis-open.org/archives/cti/202102/msg00027.html
– FreeTAXII
https://lists.oasis-open.org/archives/cti/202101/msg00028.html
– Fujitsu
https://lists.oasis-open.org/archives/cti/202102/msg00005.html
– SEKOIA
https://lists.oasis-open.org/archives/cti/202102/msg00012.html
– Trend Micro
https://lists.oasis-open.org/archives/cti/202102/msg00021.html