OASIS Cybersecurity Standards User Council
The Cybersecurity Standards User Council provides a neutral forum in which users of cybersecurity products and services can influence and track standards without the requirement to engage in day-to-day specification development issues. Whereas users are initially defined as entities leveraging cybersecurity products and services for their own institutional purposes.
User Council members voice concerns, discuss best practices, and identify common technical requirements that can be shared with OASIS Technical Committees including (but not limited to) the Cyber Threat Intelligence (CTI) TC, the Common Security Advisory Framework (CSAF) TC, and the Open Command and Control (OpenC2) TC.
The goals of the Cybersecurity Standards User Council are to:
Enable non-vendor organizations to contribute to cybersecurity standards in ways meaningful to them, such as articulating business requirements, mobilizing support for vertical specializations, and promoting adoption of common best practices
Foster peer-based discussions where non-vendor organizations can exchange information on pain points and collaborate to address real-world problems
Provide OASIS cybersecurity TCs with a direct mechanism for obtaining user feedback on technical disputes
Increase adoption of cybersecurity standards (STIX, TAXII, CSAF, OpenC2, and other relevant standards as identified by the User Council members) and enable a robust ecosystem by engaging more end users in the process
The User Council may develop Committee Notes and other informative materials, but will not develop any Standards Track Work product materials (such as Committee Specifications) to which the patent licensing or non-assertion provisions of the OASIS IPR Policy would apply.
The Cybersecurity Standards User Council will determine, as part of their activities, the best means for documenting and sharing user scenarios, best practices, technical requirements, etc. with other interested parties, then create and publish such materials as best meets the Council's goals. The User Council may choose to conduct activities aimed at educating or soliciting feedback from non-members of OASIS.
The User Council will operate under the terms of the Non-Assertion Mode as defined in the OASIS IPR Policy.
Work of the Cybersecurity Standards User Council is expected to be of interest to OASIS Technical Committees engaged in cybersecurity issues and governmental, institutional, and commercial parties outside OASIS with a stake in greater cybersecurity.
The Cybersecurity Standards User Council is open to all OASIS members but is designed specifically as a forum for representatives of non-vendor organizations from financial services, healthcare, manufacturing, retail, aerospace, government, and other industry sectors that use products or services which support cybersecurity standards.
The Cybersecurity Standards User Council will conduct its work in English; however, it may also choose to conduct activities or produce deliverables in other languages.
N.B. The complete text of this group proposal, including Charter and Additional Information, was published in the Call for Participation announcement, archived in the group's discussion list archive.