#STIX Version 1.2.1 by the OASIS Cyber Threat Intelligence (#CTI) TC is now available

OASIS is pleased to announce the availability of a new Committee Specification from the members of the Cyber Threat Intelligence (CTI) TC:

STIX Version 1.2.1
Committee Specification 01
05 May 2016

What is STIX and why is it important?

The Structured Threat Information Expression (STIX) is the result of a collaborative, community-driven effort to define and develop a framework for expressing cyber threat information in a way that enables cyber threat information sharing and cyber threat analysis. The STIX framework comprises a collection of extensible component specifications along with an overarching core specification and supporting specifications. STIX Version 1.2.1 provides an overview of those specifications and defines how they are used within the broader STIX framework.

About the TC:

The OASIS Cyber Threat Intelligence (CTI) TC is developing information representations and protocols to help industries, organizations, and governments model, analyze, and share cyber threat intelligence.

The TC has transitioned STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression) from the US Department of Homeland Security (DHS) for standardization under the OASIS open standards process. STIX Version 1.2.1 is the first of these to be released as an OASIS Committee Specification.

Members of the TC are currently working on the next generation of these specifications.

STIX, TAXII, and CybOX recently received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security.

URIs:
The prose specifications and related files are available at:

– STIX Version 1.2.1. Part 1: Overview
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part1-overview/stix-v1.2.1-cs01-part1-overview.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part1-overview/stix-v1.2.1-cs01-part1-overview.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part1-overview/stix-v1.2.1-cs01-part1-overview.pdf

– STIX Version 1.2.1. Part 2: Common
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part2-common/stix-v1.2.1-cs01-part2-common.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part2-common/stix-v1.2.1-cs01-part2-common.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part2-common/stix-v1.2.1-cs01-part2-common.pdf

– STIX Version 1.2.1. Part 3: Core
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part3-core/stix-v1.2.1-cs01-part3-core.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part3-core/stix-v1.2.1-cs01-part3-core.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part3-core/stix-v1.2.1-cs01-part3-core.pdf

– STIX Version 1.2.1. Part 4: Indicator
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part4-indicator/stix-v1.2.1-cs01-part4-indicator.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part4-indicator/stix-v1.2.1-cs01-part4-indicator.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part4-indicator/stix-v1.2.1-cs01-part4-indicator.pdf

– STIX Version 1.2.1. Part 5: TTP
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part5-ttp/stix-v1.2.1-cs01-part5-ttp.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part5-ttp/stix-v1.2.1-cs01-part5-ttp.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part5-ttp/stix-v1.2.1-cs01-part5-ttp.pdf

– STIX Version 1.2.1. Part 6: Incident
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part6-incident/stix-v1.2.1-cs01-part6-incident.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part6-incident/stix-v1.2.1-cs01-part6-incident.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part6-incident/stix-v1.2.1-cs01-part6-incident.pdf

– STIX Version 1.2.1. Part 7: Threat Actor
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part7-threat-actor/stix-v1.2.1-cs01-part7-threat-actor.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part7-threat-actor/stix-v1.2.1-cs01-part7-threat-actor.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part7-threat-actor/stix-v1.2.1-cs01-part7-threat-actor.pdf

– STIX Version 1.2.1. Part 8: Campaign
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part8-campaign/stix-v1.2.1-cs01-part8-campaign.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part8-campaign/stix-v1.2.1-cs01-part8-campaign.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part8-campaign/stix-v1.2.1-cs01-part8-campaign.pdf

– STIX Version 1.2.1. Part 9: Course of Action
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part9-coa/stix-v1.2.1-cs01-part9-coa.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part9-coa/stix-v1.2.1-cs01-part9-coa.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part9-coa/stix-v1.2.1-cs01-part9-coa.pdf

– STIX Version 1.2.1. Part 10: Exploit Target
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part10-exploit-target/stix-v1.2.1-cs01-part10-exploit-target.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part10-exploit-target/stix-v1.2.1-cs01-part10-exploit-target.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part10-exploit-target/stix-v1.2.1-cs01-part10-exploit-target.pdf

– STIX Version 1.2.1. Part 11: Report
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part11-report/stix-v1.2.1-cs01-part11-report.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part11-report/stix-v1.2.1-cs01-part11-report.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part11-report/stix-v1.2.1-cs01-part11-report.pdf

– STIX Version 1.2.1. Part 12: Default Extensions
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part12-extensions/stix-v1.2.1-cs01-part12-extensions.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part12-extensions/stix-v1.2.1-cs01-part12-extensions.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part12-extensions/stix-v1.2.1-cs01-part12-extensions.pdf

– STIX Version 1.2.1. Part 13: Data Marking
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part13-data-marking/stix-v1.2.1-cs01-part13-data-marking.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part13-data-marking/stix-v1.2.1-cs01-part13-data-marking.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part13-data-marking/stix-v1.2.1-cs01-part13-data-marking.pdf

– STIX Version 1.2.1. Part 14: Vocabularies
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part14-vocabularies/stix-v1.2.1-cs01-part14-vocabularies.doc
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part14-vocabularies/stix-v1.2.1-cs01-part14-vocabularies.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part14-vocabularies/stix-v1.2.1-cs01-part14-vocabularies.pdf

– STIX Version 1.2.1. Part 15: UML Model
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part15-uml-model/stix-v1.2.1-cs01-part15-uml-model.docx
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part15-uml-model/stix-v1.2.1-cs01-part15-uml-model.html
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part15-uml-model/stix-v1.2.1-cs01-part15-uml-model.pdf

– UML Model Serialization
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/uml-model/

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/stix-v1.2.1-cs01.zip

Members of the CTI TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:

[1] OASIS Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/

IPR Statements page:
https://www.oasis-open.org/committees/cti/ipr.php

[2] Public reviews:
– 30-day public review, 19 January 2016: https://lists.oasis-open.org/archives/members/201601/msg00006.html
– Comment resolution log: http://docs.oasis-open.org/cti/stix/v1.2.1/csprd01/stix-v1.2.1-csprd01-comment-resolution-log.xlsx

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=2928