OASIS Heimdall Data Format (OHDF) TC

The original Call For Participation for this TC may be found at https://lists.oasis-open.org/archives/members/202301/msg00007.html.

(1)(a) TC Name

The OASIS Heimdall Data Format (OHDF) Technical Committee (TC)

(1)(b) Statement of Purpose

The purpose of the TC is to develop a standard format for exchanging normalized security data between cybersecurity tools. This data exchange specification will be called the OASIS Heimdall Data Format (OHDF).

In this context:

  • 'Standardization' is the process of defining data elements in a consistent and contextualized manner.
  • 'Normalization' is the process for mapping a format's data elements into another format's data elements.

Security tools typically generate data in unique formats that require multiple dashboards and utilities to process. This leads to a time-consuming process for completing security assessments, data scattered across disparate locations, and inconsistent semantics for the same data element between formats. Furthermore, many security tools do not provide context to relevant compliance standards for comparison across security tools.

OHDF will provide a common data exchange format that:

  • Enables the consistent integration, aggregation, and analysis of security data from all available sources
  • Preserves data integrity with original source data
  • Maximizes interoperability and data sharing
  • Facilitates the transformation and transport of data between security/management processes or technologies
  • Allows for the mapping and enrichment of security data to relevant compliance standards (GDPR, NIST SP 800-53, PCI-DSS, etc.)

The TC will update OHDF as industry needs evolve.

Business Benefits

A standard vendor-agnostic data format supports cybersecurity product interoperability without the need for customized integrations.

Participating stakeholders and adopters should benefit from this TC:

  • For Commercial and Vendor Cybersecurity Partners, OHDF defines a standardized, interoperable target format that vendor tools can consume across their customer base consistently and that is easily managed within the product lifecycle.
  • For the Open Source Community, OHDF enables easy integration with commercial solutions without the need for direct partnerships.
  • For Government Agencies, OHDF can streamline business processes by having a standard, open source, machine-readable format for all security data.
  • For Academia, OHDF offers a structured way to communicate and enhance research findings throughout the security community.
  • For Corporate and Federal CISOs/CIOs, OHDF can increase visibility across the enterprise by taking advantage of normalized security data in a standard format that supports risk information interoperability from a broad range of inputs to support security risk decision-making.
  • For Security Engineers, OHDF can reduce resource requirements for multiple security data types by standardizing formatting across disparate security tools.
  • For Risk Managers, OHDF can improve decision making by using a standardized format to facilitate automation, standardize communication requirements, and inform risk-based analysis.
  • For DevSecOps/Software Engineers, OHDF can streamline CI/CD processes by leveraging a standardized format to collate/aggregate normalized security data to support automated and continuous security processes.

(1)(c) Scope

The scope of work of the TC is to produce a specification that defines the OHDF format, as well as supporting documentation and open source content. The TC will draft specifications, lexicons, or other documents to allow exchange of security data in a standardized manner. The TC will leverage pre-existing standards to the greatest extent practical.

The TC will base its initial efforts on HDF specifications generated by The MITRE Corporation as part of the MITRE Security Automation Framework (MITRE SAF©). MITRE SAF© will contribute the open source specifications and related documentation developed for HDF to the OHDF TC.

Additionally, the TC will reference example implementations from MITRE SAF© tooling for accessing and visualizing the data. It is expected that other organizations and interested individuals in the larger community will also develop implementations and tooling.

(1)(d) Deliverables

  • An OASIS specification that defines the OASIS Heimdall Data Format (OHDF). (~6 months from start date)
  • Other materials as necessary to ease adoption of the specification, such as: educational materials, supporting documentation, and open source content.

The OASIS Heimdall Data Format will be an evolving standard, and consequently this TC will continue to make changes and produce materials as required to adapt the format to any new security data considerations.

(1)(e) IPR Mode

This TC will operate under the Non-Assertion IPR mode as defined in Section 10.3 of the OASIS IPR Policy document.

(1)(f) Audience

  • Corporate and Federal CISOs/CSOs
  • Security data vendors
  • Federal contractors
  • National standards agencies and institutes, e.g., US National Institute of Standards and Technology (NIST)

(1)(g) Language

  • English

(Optional References for Section 1)

https://saf.mitre.org (MITRE SAF© Home page)

https://github.com/mitre/heimdall2/tree/master/libs/inspecjs (example JavaScript implementation of the HDF standard)