< Home | Return to Ballot listing

Ballot Details    TC Member Ballot View
Approve Object Markings (STIX 2.0-Core, Section 6.5) as Consensus

Do you accept the Object Markings text, contained in STIX 2.0-Core, Section 6.5 and duplicated below in the description, and support marking it “consensus”

Consensus status indicates that the TC generally agrees with the approach and the text as written. Editorial changes to the text may be made after text has been moved to consensus status, but any substantive changes after the ballot has passed require another ballot to accept those substantive changes.

Link to Text: https://docs.google.com/document/d/1HJqhvzO35h62gQGPvghVRIAtQrZn3_J__0UcDAj-NXY/edit#heading=h.f3dx2rhc3vl
Full Text:

6.5 Object-Level Markings
Data markings provide the ability for producers to convey to consumers how they may use and share the marked data that they receive. Object-level data markings define how markings are applied to TLOs.

Object-level markings are contained in the object_marking_refs field, which is an optional list of ID references (of type identifier) that resolve to objects of type marking-definition. The markings referenced by the object_marking_refs field and defined in the marking-definition object apply to that TLO and all of its fields. If a consumer cannot resolve all of the ID references contained in the object_marking_refs property the consumer MUST reject that TLO.

6.5.1. Precedence
Multiple marking definitions of the same type can appear in the object_marking_refs list. If this occurs, markings appearing later in the list MUST have precedence over those appearing earlier. For example, a TLP marking appearing at position 3 in the list has precedence over a TLP marking appearing at position 2, but not a copyright marking appearing at position 1. Different types of marking definitions will have different behaviors when multiple instances are applied; that behavior is defined in the marking definition type itself.

The marking definition extensions, which define how data is marked using a particular approach (e.g., TLP), define the behavior when one marking overrides another.

6.5.2. Interoperability
Producers MAY create object-level data markings. Producers MUST ensure that all markings they do create comply with the functional and data marking requirements defined in this document.

Consumers MUST be aware of object-level data markings contained in the object_marking_refs field. Consumers that are unable to comply with the object-level data markings rules defined in this section MUST reject all TLOs that contain the object_marking_refs field.

6.5.3. Examples
This example marks the indicator with the marking definition referenced by the ID.
{
"type": "indicator",
"id": "indicator--089a6ecb-cc15-43cc-9494-767639779235",
...
"object_marking_refs": ["marking-definition--089a6ecb-cc15-43cc-9494-767639779123"],
...
}

 [ ]  Yes
 [ ]  No
 [ ]  Abstain
Opening:   Monday, 27 June 2016 @ 08:00 am EDT
Closing:   Monday, 4 July 2016 @ 08:00 am EDT
Group:   OASIS Cyber Threat Intelligence (CTI) TC
Ballot has closed.

Referenced Items
Name Type Date Action
Document
2016-07-04

Voting Details

Voting Summary

Options with highest number of votes are bold

Option # Votes % of Total
Yes 8 42%
No 11 58%
Abstain 0
Eligible members who have voted: 19 of 59 32%
Eligible members who have abstained: 0 of 59 0%
Eligible members who have not voted: 40 of 59 68%

Voting Details

Voter Company VoteReference Document and/or Comment
Dean Thompson
Australia and New Zealand Banking Group (A...
--
 
Alexander Foley
Bank of America
No
 
Bret Jordan
Blue Coat Systems, Inc.
Yes
 
Sarah Kelley
Center for Internet Security (CIS)
No
Ron Davidson
Check Point Software Technologies
--
 
Jyoti Verma
Cisco Systems
--
 
Joey Peloquin
Citrix Systems
--
 
Doug DePeppe
Cyber Threat Intelligence Network, Inc. (C...
--
 
Jane Ginn
Cyber Threat Intelligence Network, Inc. (C...
Yes
 
Richard Struse
DHS Office of Cybersecurity and Communicat...
--
 
Will Urbanski
Dell
--
 
David Eilken
Financial Services Information Sharing and...
--
 
Paul Patrick
FireEye, Inc.
--
 
Ryusuke Masuoka
Fujitsu Limited
Yes
 
Tomas Sander
Hewlett Packard Enterprise (HPE)
--
 
Kazuo Noguchi
Hitachi, Ltd.
--
 
Masato Terada
Hitachi, Ltd.
No
Ron Williams
IBM
--
 
Jason Keirstead
IBM
No
Terry MacDonald
Individual
--
 
Elysa Jones
Individual
Yes
 
Patrick Maroney
Integrated Networking Technologies, Inc.
--
 
Tim Casey
Intel Corporation
--
 
Beth Pumo
Kaiser Permanente
No
 
Trey Darley
Kingfisher Operations, sprl
No
Lee Vorthman
LookingGlass
No
 
Allan Thomson
LookingGlass
No
Ivan Kirillov
Mitre Corporation
--
 
Richard Piazza
Mitre Corporation
--
 
Jonathan Baker
Mitre Corporation
No
Sean Barnum
Mitre Corporation
No
John Wunder
Mitre Corporation
Yes
 
Takahiro Kakumaru
NEC Corporation
--
 
Daniel Riedel
New Context Services, Inc.
--
 
Andrew Storms
New Context Services, Inc.
--
 
James Moler
New Context Services, Inc.
--
 
John-Mark Gurney
New Context Services, Inc.
No
Mark Clancy
Soltra
--
 
Aharon Chernin
Soltra
--
 
Michael Pepin
Soltra
--
 
Jeff Beekman
Soltra
--
 
Chris Kiehl
Soltra
--
 
Daniel Dye
Soltra
--
 
Raymond Keckler
Soltra
--
 
Mark Davidson
Soltra
--
 
Ali Khan
Soltra
Yes
 
Michael Butt
Soltra
Yes
 
Greg Reaume
TELUS
--
 
Ben Schmoker
ThreatConnect, Inc.
--
 
Brad Butts
U.S. Bank
--
 
James Bohling
US Department of Defense (DoD)
--
 
Gary Katz
US Department of Defense (DoD)
--
 
Jeffrey Mates
US Department of Defense (DoD)
--
 
Mike McLellan
United Kingdom Cabinet Office
--
 
Chris Taylor
United Kingdom Cabinet Office
--
 
Laurie Thomson
United Kingdom Cabinet Office
--
 
Iain Brown
United Kingdom Cabinet Office
Yes
 
Robert Coderre
VeriSign
--
 
Kyle Maxwell
VeriSign
--