This is Part 1 of the Interoperability test document to supplement the five-part STIX 2.0 specification developed by the CTI TC of OASIS. It is available at: https://www.oasis-open.org/committees/document.php?document_id=61240&wg_abbrev=cti
The is the first in a series that will be developed concurrent with revisions to the STIX specification. This test document provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate conformity with STIX 2.0 if they wish to self-certify that their software is verified as interoperable.
There are five personas detailed in Part 1 of this specification. These are: Data Feed Provider (DFP), Threat Intelligence Platform (TIP), Threat Mitigation System (TMS), Threat Detection System (TDS) and Security Incident and Event Management (SIEM).
This interoperability test document defines tests of the following use cases: indicator sharing, sighting sharing, versioning, data markings, custom objects and properties, and course of action sharing. For each of these use cases the document details the Producer support and the Respondent support to be used for the test cases. |
