Cybersecurity Standards User Council: Charter


Group Charter

Name of the Group

OASIS Cybersecurity Standards User Council

Statement of Purpose

The Cybersecurity Standards User Council provides a neutral forum in which users of cybersecurity products and services can influence and track standards without the requirement to engage in day-to-day specification development issues. Whereas users are initially defined as entities leveraging cybersecurity products and services for their own institutional purposes.

User Council members voice concerns, discuss best practices, and identify common technical requirements that can be shared with OASIS Technical Committees including (but not limited to) the Cyber Threat Intelligence (CTI) TC, the Common Security Advisory Framework (CSAF) TC, and the Open Command and Control (OpenC2) TC.

Scope of Work

The goals of the Cybersecurity Standards User Council are to:

The User Council may develop Committee Notes and other informative materials, but will not develop any Standards Track Work product materials (such as Committee Specifications) to which the patent licensing or non-assertion provisions of the OASIS IPR Policy would apply.


The Cybersecurity Standards User Council will determine, as part of their activities, the best means for documenting and sharing user scenarios, best practices, technical requirements, etc. with other interested parties, then create and publish such materials as best meets the Council's goals. The User Council may choose to conduct activities aimed at educating or soliciting feedback from non-members of OASIS.

IPR Mode

The User Council will operate under the terms of the Non-Assertion Mode as defined in the OASIS IPR Policy.


Work of the Cybersecurity Standards User Council is expected to be of interest to OASIS Technical Committees engaged in cybersecurity issues and governmental, institutional, and commercial parties outside OASIS with a stake in greater cybersecurity.

The Cybersecurity Standards User Council is open to all OASIS members but is designed specifically as a forum for representatives of non-vendor organizations from financial services, healthcare, manufacturing, retail, aerospace, government, and other industry sectors that use products or services which support cybersecurity standards.


The Cybersecurity Standards User Council will conduct its work in English; however, it may also choose to conduct activities or produce deliverables in other languages.

N.B. The complete text of this group proposal, including Charter and Additional Information, was published in the Call for Participation announcement, archived in the group's discussion list archive.