#TAXII Version 1.1.1 by the OASIS Cyber Threat Intelligence (#CTI) TC is now available

OASIS is pleased to announce the availability of a new Committee Specification from the members of the Cyber Threat Intelligence (CTI) TC:

TAXII(TM) Version 1.1.1
Committee Specification 01
05 May 2016

What is TAXII and why is it important?

The Trusted Automated eXchange of Indicator Information (TAXII) defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organization and product/service boundaries.

TAXII Version 1.1.1 defines concepts, protocols and messages to exchange cyber threat information for the detection, prevention, and mitigation of cyber threats.

TAXII is not an information sharing initiative or application and does not attempt to define trust agreements, governance, or non-technical aspects of cyber threat information sharing. Instead, TAXII empowers organizations to achieve improved situational awareness about emerging threats, and enables organizations to easily share the information they choose with the partners they choose.

About the TC:

The OASIS Cyber Threat Intelligence (CTI) TC is developing information representations and protocols to help industries, organizations, and governments model, analyze, and share cyber threat intelligence.

The TC has transitioned STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression) from the US Department of Homeland Security (DHS) for standardization under the OASIS open standards process. TAXII Version 1.1.1 is the second of these to be released as an OASIS Committee Specification.

Members of the TC are currently working on the next generation of these specifications.

STIX, TAXII, and CybOX recently received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security.

URIs:
The prose specifications and related files are available at:

- TAXII Version 1.1.1. Part 1: Overview
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part1-overview/taxii-v1...
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part1-overview/taxii-v1...
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part1-overview/taxii-v1...

- TAXII Version 1.1.1. Part 2: Services
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part2-services/taxii-v1...
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part2-services/taxii-v1...
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part2-services/taxii-v1...

- TAXII Version 1.1.1. Part 3: HTTP Protocol Binding
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part3-http/taxii-v1.1.1...
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part3-http/taxii-v1.1.1...
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part3-http/taxii-v1.1.1...

- TAXII Version 1.1.1. Part 4: XML Message Binding
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part4-xml/taxii-v1.1.1-...
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part4-xml/taxii-v1.1.1-...
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part4-xml/taxii-v1.1.1-...

- TAXII Version 1.1.1. Part 5: Default Query
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part5-query/taxii-v1.1....
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part5-query/taxii-v1.1....
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part5-query/taxii-v1.1....

- XML schemas:
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/schemas/

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/taxii-v1.1.1-cs01.zip

Members of the CTI TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:

[1] OASIS Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/

IPR Statements page:
https://www.oasis-open.org/committees/cti/ipr.php

[2] Public reviews:
- 30-day public review, 19 January 2016: https://lists.oasis-open.org/archives/members/201601/msg00006.html
- Comment resolution log: http://docs.oasis-open.org/cti/taxii/v1.1.1/csprd01/taxii-v1.1.1-csprd01...

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=2927

Associated TC: 
Cyber Threat Intelligence (CTI)