OASIS Cyber Threat Intelligence (CTI) TC

Join TC     TC Page     Send a comment to this TC

Supporting automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis

Trey Darley, trey.darley@accenture.com, Chair
Robert Coderre, robert.c.coderre@accenture.com, Chair
Kelly Cullinane, kcullinane@copado.com, Secretary

Table of Contents


Announcements

First STIX/TAXII 2.1 PlugFest Demonstrates Interoperability Between Cybersecurity Tools. Members of the CTI TC confirmed the multi-vendor interoperability of their CTI tools and verified their compliance with the STIX 2.1 and TAXII 2.1 Interoperability Test Documents. 15-17 June 2022

OriginBX Alliance for Digital Trade and STIX/TAXII Cybersecurity Standards Win Open Cup Awards. The Open Cup for Outstanding Approved Standard was awarded to STIX v2.1 & TAXII v2.1, two widely used cybersecurity standards that enable the automated exchange of cyber threat intelligence. 19 Jan 2022

The press release on STIX and TAXII's approval as OASIS Standards is available now. You can read it here.

STIX v2.1 and TAXII v2.1 OASIS Standards are approved and published

STIX Version 2.1 is approved as Committee Specification 02. This edition adds new objects and concepts and incorporates improvements based on experience implementing Version 2.0.

TAXII Version 2.1 is approved as a Committee Specification. A number of updates and additions have been added in response to testing and feedback. The list of major changes and additions can be found in Section 1.7.1.

OASIS Completes Second Successful Plugfest for STIX/TAXII 2 Interoperability: Cisco, Fujitsu, LookingGlass, NC4, New Context, U.S. DHS, and Others Participate in Event to Validate Threat Intelligence Sharing Standards. 29 June 2018

Cybersecurity Companies Demo Support for STIX and TAXII Standards for Automated Threat Intelligence Sharing at RSA 2018: Anomali, EclecticIQ, Fujitsu, Hitachi, IBM Security, New Context, NC4, ThreatQuotient, and TruSTAR Demo STIX and TAXII Support; 16 April 2018.

In TechRepublic video, Richard Struse of MITRE explains how STIX and TAXII give cyber defenders better weapons.

Sharing Cyber Threat Intelligence Just Got a Lot Easier. Learn about STIX and TAXII 2.0.

STIX and TAXII Version 2.0 are now approved and published OASIS Committee Specifications.

STIX and TAXII receive 2016 Open Standards Cup. Former CTI TC co-chair, Richard Struse of US Department of Homeland Security, was named Distinguished Contributor. See press release.

STIX, TAXII, and CybOX received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security. Congratulations to all CTI TC members.

Participation in the OASIS CTI TC is open to all interested parties. Contact join@oasis-open.org for more information.


Overview

The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. The CTI TC focuses on development and standardization of STIX (Structured Threat Information Expression) and TAXII (Trusted Automated Exchange of Indicator Information) under the OASIS open standards process.

The OASIS CTI Technical Committee will:

  • define composable information sharing services for peer-to-peer, hub-and-spoke, and source subscriber threat intelligence sharing models
  • develop standardized representations for campaigns, threat actors, incidents, tactics techniques and procedures (TTPs), indicators, exploit targets, observables, and courses of action
  • develop formal models that allow organizations to develop their own standards-based sharing architectures to meet specific needs

For more information on the CTI TC, see the TC Charter.


Subcommittees


TC Liaisons

No TC Liaisons have been announced for this TC.


TC Tools and Approved Publications


Technical Work Produced by the Committee


OASIS TC Open Repositories Sponsored by the Committee

OASIS TC Open Repositories:


Expository Work Produced by the Committee

There are no approved expository work products for this TC yet.


External Resources

Although not produced by the OASIS CTI TC, the following information offers useful insights into its work:


Mailing Lists and Comments

cti: the discussion list used by CTI TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.

cti-publicmirror: a read-only public mirror of the CTI TC discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-publicmirror-subscribe@lists.oasis-open.org

cti-users: a public forum for asking questions, offering answers, and discussing topics of interest on STIX and TAXII. Users and developers of solutions that leverage those cybersecurity specifications are invited to participate. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-users-subscribe@lists.oasis-open.org. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org

cti-stix-publicmirror: a read-only public mirror of the CTI STIX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-stix-publicmirror-subscribe@lists.oasis-open.org

cti-taxii-publicmirror: a read-only public mirror of the CTI TAXII Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-taxii-publicmirror-subscribe@lists.oasis-open.org

cti-cybox-publicmirror: (LIST DEPRECATED) a read-only public mirror of the CTI CybOX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-cybox-publicmirror-subscribe@lists.oasis-open.org

cti-comment: a public mailing list for providing feedback on the technical work of the OASIS CTI TC. Send a comment or view the OASIS comment list archives, also mirrored by MarkLogic at MarkMail.org.


Press Coverage and Commentary


Additional Information


Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.