Press Release

STIX and TAXII Approved as OASIS Standards to Enable Automated Exchange of Cyber Threat Intelligence

Accenture, AIT, Anomali, Bank of America, Cisco Systems, Copado, Cryptoft, Cyware Labs, Dell, EclecticIQ, EPRI, Fujitsu, Hitachi, IBM, McAfee, NEC, SEKOIA, sFractal Consulting, Siemens AG, Sopra Steria Group, TELUS, ThreatQuotient, Trend Micro, U.S. Department of Defense, and US NIST Advance Key Cybersecurity Standards

14 July 2021 – OASIS Open and the members of the Cyber Threat Intelligence (CTI) Technical Committee (TC) are pleased to announce that Structured Threat Information Expression (STIX) v2.1 and Trusted Automated Exchange of Intelligence Information (TAXII) v2.1 have been approved as OASIS Standards. STIX and TAXII are widely used to prevent and defend against cyberattacks by enabling threat intelligence to be analyzed and shared among trusted partners and communities. As full OASIS Standards, STIX and TAXII can now be recognized by other International Standards bodies and referenced in official government procurements and rules.

The STIX standard defines a JSON-based language for sharing structured threat intelligence in a consistent, machine-readable manner, allowing organizations to better protect against, detect, and respond to cyber threats. STIX v2.1 adds new objects and capabilities, enabling it to better describe the cyber threats we confront today, as well as future-proofing STIX via STIX Extensions. As a result, STIX v2.1 creates a solid and stable foundation for vendors and consumers alike to exchange actionable CTI.

The TAXII standard defines a transport protocol which supports the exchange of STIX data over Hyper Text Transfer Protocol Secure (HTTPS). TAXII enables machine-to-machine sharing of CTI by defining an API that supports common sharing models used by industry and Information Sharing and Analysis Organizations (ISAOs).

“When I launched the STIX and TAXII initiatives at the US Department of Homeland Security over nine years ago, I always hoped that one day we would reach this milestone of full international standard status,” said OASIS CTI TC Co-chair Richard Struse of MITRE. “Since transitioning this work to OASIS six years ago, the members of the CTI TC have done a tremendous amount of work to give the global community practical standards that empower defenders to maximize their use of threat intelligence to protect their organizations. The community now should focus on using these standards to solve actual cybersecurity problems and to help thwart future cyber attacks.”

“OASIS has given us the ability to create a scalable and sustainable community where like-minded, passionate people come together to solve problems,” said Trey Darley of the Belgian National CERT, who co-chairs the OASIS CTI TC with Richard. “STIX v2.1 and TAXII v2.1 have reached full OASIS Standard status at a critical inflection point, when there’s such a need for more flexible and faster information sharing to enable defense against global cybersecurity threats. We have laid the foundation for cross-implementation interoperability, future-proofed STIX with the new extensions mechanism…I believe that these standards will enable the creation of new classes of security countermeasures…we’ve barely begun to scratch the surface.”

OASIS CTI Technical Committee:

Watch Open Matters: Cybersecurity & The Evolution of STIX & TAXII:

Support for STIX AND TAXII v2.1


“Publishing STIX and TAXII as full OASIS cyber threat intelligence sharing standards represents a huge milestone for the cybersecurity community. It is our mission to help businesses achieve cyber resilience through the standardized sharing of threat data to help companies more easily consume threat intelligence at speed with action. We are proud to be an OASIS sponsor and member of the CTI Technical Committee dedicated to developing better standards to secure the world.”

— Josh Ray, Managing Director – Cyber Defense Lead, Accenture Security


“We recognized early on the importance of a standardized method for exchanging cyber threat intelligence within our platform and our customers’ security ecosystem. We are excited to further the adoption and support of the latest STIX and TAXII versions for our customers and integration partners, which will help them to conduct more precise threat detection, optimize their response, and establish greater cyber resiliency.”

— Mark Alba, Chief Product Officer, Anomali


“Copado congratulates the OASIS CyberThreat Intelligence Committee in STIX 2.1 and TAXII 2.1 reaching Full OASIS Standard. The continuing effort to build automated defense methods through the open sharing of intelligence in machine-readable format is critical to ongoing efforts in cybersecurity. As a leader in DevOps, Copado will continue to support these efforts to bring humans and machines together to help build a safer, more secure internet.”

– Daniel Riedel, SVP, Copado


“We are proud to support the continued refinement of this standard language. It further builds confidence with the threat intelligence community and enables a true collective defense. As a part of the community, Cyware understands how valuable the standard is, which is just one of the reasons we use it as a backbone for intel sharing and automation.”

Avkash Kathiriya, Vice President of Research and Innovation, Cyware


“The rapidly evolving threat landscape makes it more important than ever to exchange and operationalise threat intelligence. We believe the new STIX & TAXII 2.1 standards bring great advancements that will help our customers detect threats earlier, remediate faster and run their cyber defense operations more efficiently. We applaud OASIS and everyone in the threat intelligence community that has contributed to this tremendous milestone.”

Ciaran Bradley, CTO, EclecticIQ


“IBM has a long history of supporting industry standards to solve the world’s most pressing challenges. As cyberattacks have become one of the greatest threats facing modern society, defenders require a coordinated approach to succeed. To make this a reality, IBM has embraced an open, integrated approach to cybersecurity and is proud to support open standards such as STIX and TAXII to facilitate wide-ranging use cases across the entire threat management lifecycle – including intelligence, hunting, detection, and response.”

— Jason Keirstead, CTO, IBM Security Threat Management


“SEKOIA.IO is a XDR platform leveraging threat intel at the highest level. This CTI is used for detection, context enrichment and reaction strategies. To do so, we aligned our solution with STIX2.1/TAXII2.1 since the beginning. Every day, we produce our exclusive technical and strategic CTI but we also ingest the worldwide cybersecurity news. This is a cornerstone for our XDR and this is done using STIX. Customers can also access this CTI using TAXII, TIPs, API or Web.”

— David Bizeul, CTO, SEKOIA

Sopra Steria

“We are pleased to welcome the new STIX standard release. It’s a step further into operational interaction between Cyber Threat Intelligence and Cyber Defense for detection and analysis. Straight relation between Indicators and Observed Data is a good example of the progress made. Sighting is a key to make global knowledge growth. Therefore, we set STIX 2 as the core standard of our services.”

— Alexandre Cabrol Perales, Head of Managed Detection and Response, Sopra Steria Group 


“We believe that supporting open standards is essential to help organizations leverage the tools they are using and facilitates the exchange of information across those tools regardless of vendor. We are proud to support the approval of STIX v2.1 and TAXII v2.1 as OASIS Standards.”

— Haig Colter, Director of Alliances, ThreatQuotient

Media inquiries: 
Carol Geyer