OASIS Cyber Threat Intelligence (CTI) TC
Supporting automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis
Table of Contents
- TC Liaisons
- TC Tools and Approved Publications
- Technical Work Produced by the Committee
- OASIS Open Source Repositories Sponsored by the Committee
- Expository Work Produced by the Committee
- External Resources
- Mailing Lists and Comments
- Press Coverage and Commentary
- Additional Information
STIX, TAXII, and CybOX receive 2016 Open Standards Cup. CTI TC co-chair, Richard Struse of US Department of Homeland Security, is named Distinguished Contributor. See press release.
STIX, TAXII, and CybOX received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security. Congratulations to all CTI TC members.
The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. In the initial phase of TC work, three specifications will be transitioned from the US Department of Homeland Security (DHS) for development and standardization under the OASIS open standards process: STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).
The OASIS CTI Technical Committee will:
- define composable information sharing services for peer-to-peer, hub-and-spoke, and source subscriber threat intelligence sharing models
- develop standardized representations for campaigns, threat actors, incidents, tactics, techniques, and procedures (TTPs), indicators, exploit targets, observables, and courses of action
- develop formal models that allow organizations to develop their own standards-based sharing architectures to meet specific needs
For more information on the CTI TC, see the TC Charter.
- CTI STIX Subcommittee, with list archives from OASIS and MarkMail
- CTI TAXII Subcommittee, with list archives from OASIS and MarkMail
- CTI CybOX Subcommittee, with list archives from OASIS and MarkMail
- CTI Interoperability Subcommittee, with list archives from OASIS and MarkMail
- CTI Marketing Group
No TC Liaisons have been announced for this TC.
- cti-stix2-json-schemas: Non-normative schemas and examples for STIX 2
- cti-documentation: GitHub Pages site for STIX, CybOX, and TAXII
- cti-stix-validator: Validator for STIX 2.0 JSON normative requirements and best practices
- cti-pattern-validator: Validate patterns used to express CybOX content in STIX Indicators
- cti-stix-visualization: Lightweight visualization for STIX 2.0 objects and relationships
- cti-cybox3-json-schemas: Non-normative schemas and examples for CybOX 3
- cti-marking-prototype: Prototype for processing granular data markings in STIX
- cti-stix-elevator: Convert STIX 1.2 XML to STIX 2.0 JSON
- cti-pattern-matcher: Match STIX content against STIX patterns
There are no approved expository work products for this TC yet.
Although not produced by the OASIS CTI TC, the following information offers useful insights into its work:
- News about STIX, TAXII, CybOX, and MAEC
- Implementations: Support for STIX/TAXII
- STIX/TAXII Standards Transition FAQ
cti: the discussion list used by CTI TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.
cti-publicmirror: a read-only public mirror of the CTI TC discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to firstname.lastname@example.org
cti-users: a public forum for asking questions, offering answers, and discussing topics of interest on STIX, TAXII, and CybOX. Users and developers of solutions that leverage those cybersecurity specifications are invited to participate. Anyone may subscribe to this list by sending an email subscription request (a blank message) to email@example.com. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org
cti-stix-publicmirror: a read-only public mirror of the CTI STIX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to firstname.lastname@example.org
cti-taxii-publicmirror: a read-only public mirror of the CTI TAXII Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to email@example.com
cti-cybox-publicmirror: a read-only public mirror of the CTI CybOX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to firstname.lastname@example.org
cti-comment: a public mailing list for providing feedback on the technical work of the OASIS CTI TC. Send a comment or view the OASIS comment list archives, also mirrored by MarkLogic at MarkMail.org.
- STIX, TAXII, and CybOX receive 2016 Open Standards Cup; CTI TC co-chair, Richard Struse of US Department of Homeland Security, named Distinguished Contributor; 8 Aug 2016
- "United we stand: Protecting against cyber threats with standards for sharing"; OECD ITAC News, 27 Jul 2015
- "DHS Transitions STIX, TAXII and CybOX Standards to OASIS"; DarkMatters, 29 July 2015
- "OASIS Advances Automated Cyber Threat Intelligence Sharing with STIX, TAXII, CybOX"; Boeing, Check Point, Cisco, Dell, EMC, eSentire, Fortinet, Fujitsu, IBM, iboss, iSIGHT Partners, NEC, New Context, Palo Alto Networks, Resilient, Securonix, Soltra, TELUS, ThreatQuotient, ThreatStream, TruSTAR, US DHS Office of Cybersecurity and Communications, US NIST, ViaSat, and Others Collaborate on International Standards to Prevent and Defend Against Cyber Attack; 17 July 2015
Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.
Representing these OASIS Foundationals and Sponsors:
- Bay Dynamics
- Cisco Systems
- FireEye, Inc.
- Fortinet Inc.
- Fujitsu Limited
- Hewlett Packard Enterprise (HPE)
- Hitachi, Ltd.
- iboss, Inc.
- Intel Corporation
- NEC Corporation
- New Context Services, Inc.
- Resilient Systems, Inc.
- ThreatQuotient, Inc.
- TruSTAR Technology
- US Department of Defense (DoD)