OASIS Cyber Threat Intelligence (CTI) TC


Supporting automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis

Richard Struse, rjs@mitre.org, Chair
Jane Ginn, jg@ctin.us, Secretary



Announcements

In new TechRepublic video, Richard Struse of MITRE explains how STIX and TAXII give cyber defenders better weapons.

Sharing Cyber Threat Intelligence Just Got a Lot Easier. Learn about STIX and TAXII 2.0.

RSA 2017 Features Huge Demonstration of Support for Cyber Threat Intelligence, Encryption, and Cryptography Standards as 24 OASIS Member Companies Collaborate. Bay Dynamics, DFLabs, EclecticIQ, Fujitsu, IBM, LookingGlass, New Context, NC4, ThreatConnect, ThreatQuotient, TruSTAR, and Verisign Demo STIX and TAXII Support. 13 Feb 2017

STIX and TAXII receive 2016 Open Standards Cup. CTI TC co-chair, Richard Struse of US Department of Homeland Security, is named Distinguished Contributor. See press release.

STIX, TAXII, and CybOX received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security. Congratulations to all CTI TC members.

Participation in the OASIS CTI TC is open to all interested parties. Contact join@oasis-open.org for more information.


Overview

The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. In the initial phase of TC work, three specifications will be transitioned from the US Department of Homeland Security (DHS) for development and standardization under the OASIS open standards process: STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).

The OASIS CTI Technical Committee will:

  • define composable information sharing services for peer-to-peer, hub-and-spoke, and source/subscriber threat intelligence sharing models
  • develop standardized representations for campaigns, threat actors, incidents, tactics, techniques, and procedures (TTPs), indicators, exploit targets, observables, and courses of action
  • develop formal models that allow organizations to develop their own standards-based sharing architectures to meet specific needs

For more information on the CTI TC, see the TC Charter.


Subcommittees


TC Liaisons

No TC Liaisons have been announced for this TC.


TC Tools and Approved Publications


Technical Work Produced by the Committee


OASIS Open Source Repositories Sponsored by the Committee

OASIS Open Repositories:


Expository Work Produced by the Committee

There are no approved expository work products for this TC yet.


External Resources

Although not produced by the OASIS CTI TC, the following information offers useful insights into its work:


Mailing Lists and Comments

cti: the discussion list used by CTI TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.

cti-publicmirror: a read-only public mirror of the CTI TC discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-publicmirror-subscribe@lists.oasis-open.org

cti-users: a public forum for asking questions, offering answers, and discussing topics of interest on STIX and TAXII. Users and developers of solutions that leverage those cybersecurity specifications are invited to participate. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-users-subscribe@lists.oasis-open.org. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.

cti-stix-publicmirror: a read-only public mirror of the CTI STIX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-stix-publicmirror-subscribe@lists.oasis-open.org

cti-taxii-publicmirror: a read-only public mirror of the CTI TAXII Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-taxii-publicmirror-subscribe@lists.oasis-open.org

cti-cybox-publicmirror: a read-only public mirror of the CTI CybOX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-cybox-publicmirror-subscribe@lists.oasis-open.org

cti-comment: a public mailing list for providing feedback on the technical work of the OASIS CTI TC. Send a comment or view the OASIS comment list archives, also mirrored by MarkLogic at MarkMail.org.


Press Coverage and Commentary


Additional Information


Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.