CTI STIX Subcommittee

Join SC     SC Page     Send a comment to this SC

Developing the STIX 2 language

Bret Jordan, Chair


Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI). STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively. STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

Statement of Purpose - STIX SC

This STIX SC is responsible for the development of STIX Core and STIX Objects. STIX Core consists of concepts that apply throughout the STIX language, while STIX Objects consist of the set of objects that are used to describe cyber threat intelligence. These components are described in the STIX 2 specification, Part 1 (STIX Core) and Part 2 (STIX Objects).

All interested parties are welcome to participate in evolving STIX as part of the STIX SC under the main OASIS Cyber Treat Intelligence (CTI) Technical Committee.

List of Deliverables

  • STIX 2.0 Part 1: STIX Core
  • STIX 2.0 Part 2: STIX Objects
  • Other non-normative work products to increase adoption and improve the ease of use of the specification, such as best practices and implementor's guides


Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.