Project news

Cybersecurity Standards User Council invites members to join

OASIS is delighted to announce the formation of a new initiative: the Cybersecurity Standards User Council.

The international Cybersecurity Standards User Council is being formed by Aetna, ANZ Bank, Bank of America, BMO, Boeing, Cisco, JPMorgan Chase, Kaiser Permanente, and U.S. Bank at OASIS. We invite you to review the charter below as well as the Council web site [a] and consider getting involved.

To join the Council:

(a) you must be an employee or designee of an OASIS member organization or an individual member of OASIS, and

(b) you must register for the Council using the “join group” link at [b].

Non-members who wish to participate in the Council are invited to contact us for information about joining OASIS [c].

Members and non-members are invited to attend the Cyber Standards Council pre-launch planning session on 20 June in New York [d].

Please feel free to forward this announcement to any other appropriate lists.

[a] https://cyber-standards-council.org/

[b] https://www.oasis-open.org/apps/org/workgroup/cyber-council/

[c] http://www.oasis-open.org/join/

[d] https://us17.dryfta.com/80-cybersecurity-council-meeting

———-


CALL FOR PARTICIPATION


— Charter —

(1)(a) Name:

OASIS Cybersecurity Standards User Council

(1)(b) Statement of Purpose:

The Cybersecurity Standards User Council provides a neutral forum in which users of cybersecurity products and services can influence and track standards without the requirement to engage in day-to-day specification development issues. Whereas users are initially defined as entities leveraging cybersecurity products and services for their own institutional purposes.

User Council members voice concerns, discuss best practices, and identify common technical requirements that can be shared with OASIS Technical Committees including (but not limited to) the Cyber Threat Intelligence (CTI) TC, the Common Security Advisory Framework (CSAF) TC, and the Open Command and Control (OpenC2) TC.

(1)(c) Scope:

The goals of the Cybersecurity Standards User Council are to:

· Enable non-vendor organizations to contribute to cybersecurity standards in ways meaningful to them, such as articulating business requirements, mobilizing support for vertical specializations, and promoting adoption of common best practices;

· Foster peer-based discussions where non-vendor organizations can exchange information on pain points and collaborate to address real-world problems;

· Provide OASIS cybersecurity TCs with a direct mechanism for obtaining user feedback on technical disputes;

· Increase adoption of cybersecurity standards (STIX, TAXII, CSAF, OpenC2, and other relevant standards as identified by the User Council members) and enable a robust ecosystem by engaging more end users in the process.

The User Council may develop Committee Notes and other informative materials, but will not develop any Standards Track Work product materials (such as Committee Specifications) to which the patent licensing or non-assertion provisions of the OASIS IPR Policy would apply.

(1)(d) Deliverables

The Cybersecurity Standards User Council will determine, as part of their activities, the best means for documenting and sharing user scenarios, best practices, technical requirements, etc. with other interested parties, then create and publish such materials as best meets the Council’s goals. The User Council may choose to conduct activities aimed at educating or soliciting feedback from non-members of OASIS.

(1)(e) IPR Mode

The User Council will operate under the terms of the Non-Assertion Mode as defined in the OASIS IPR Policy.

(1)(f) Audience

Work of the Cybersecurity Standards User Council is expected to be of interest to OASIS Technical Committees engaged in cybersecurity issues and governmental, institutional, and commercial parties outside OASIS with a stake in greater cybersecurity.

The Cybersecurity Standards User Council is open to all OASIS members but is designed specifically as a forum for representatives of non-vendor organizations from financial services, healthcare, manufacturing, retail, aerospace, government, and other industry sectors that use products or services which support cybersecurity standards.

(1)(g) Language

The Cybersecurity Standards User Council will conduct its work in English; however, it may also choose to conduct activities or produce deliverables in other languages.

(2)(a) Identification of Similar Work

The Cybersecurity Standards User Council will pursue liaison relationships with end user communities represented by organizations such as FIRST.org, National Council of ISACs, and other groups.

(2)(b) First Meeting

The first official meeting of the members of the Cybersecurity Standards User Council will be held by teleconference on 26 June 2017. A chair or two co-chairs will be elected at this time.

The User Council will hold an open forum for members and non-members on 20 June 2017 in New York City in conjunction with the Borderless Cyber conference. The purpose of this forum will be to build support for the Council and solicit feedback from the community on needs, priorities, and preferred methods of working. User Council members are strongly encouraged but not required to attend this forum. The event will be chaired by Alexander Foley of Bank of America.

(2)(c) Ongoing Meeting Schedule

The User Council will convene monthly conference calls at a time to be determined by the members. Optional face-to-face meetings and public forums may be held in conjunction with the Borderless Cyber conference and other appropriate events at locations throughout the world.

(2)(d) Proposers

Initial Proposers of the User Council are:

· Aetna: David Crawford, david.crawford@aetna.com
· ANZ Bank: Dean Thompson, dean.thompson@anz.com
· Atos: Joerg Eschweiler, joerg.eschweiler@atos.net
· Bank of America: Alexander Foley, alexander.foley@bankofamerica.com
· BMO Financial Group: Vicky Laurens, vicky.laurens@bmo.com
· The Boeing Company: Crystal Hayes, crystal.l.hayes@boeing.com
· Individual member: Stefan Hagen, stefan@hagen.link
· JPMorgan Chase: David Laurance, david.c.laurance@jpmorgan.com
· Kaiser Permanente: Mike Slavick, Michael.Slavick@kp.org
· Kingfisher Operations: Trey Darley, trey@kingfisherops.com
· National Security Agency: Joseph Brule, jmbrule@nsa.gov
· U.S. Bank: Bryan Hall, bryan.hall@usbank.com ; Melanie Merritt, melanie.merritt@usbank.com ; John Paramadilok, John.Paramadilok@usbank.com ; Theresa Pon, TheresaErin.Pon@usbank.com

Additional Proposers for the Cybersecurity Standards User Council are welcome; contact join@oasis-open.org for details.

The final list of Proposers will be published with the official Call for Participation; organizations may join the User Council as members or observers at any time after that announcement.

(2)(e) Primary Representatives’ Support

These organizations have confirmed their support for the Cybersecurity Standards User Council and their intention to be represented in the group: Aetna, ANZ Bank, Bank of America, BMO Financial Group, The Boeing Company, JPMorgan Chase, Kaiser Permanente, Kingfisher Operations, and the National Security Agency, and U.S. Bank.

(2)(f) Convener

Joerg Eschweiler, je@cybersecurityscout.eu