Three Committee Specifications approved by Open Command and Control (OpenC2) TC

OASIS is pleased to announce that Open Command and Control (OpenC2) Language Specification Version 1.0, Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0, and Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0 from the OASIS Open Command and Control (OpenC2) TC [1] have been approved as OASIS Committee Specifications.

OpenC2 is a suite of specifications to achieve command and control of cyber defense functions. These specifications include the OpenC2 Language Specification, Actuator Profiles, and Transfer Specifications. The OpenC2 Language Specification and Actuator Profile(s) focus on the standard at the producer and consumer of the command and response while the transfer specifications focus on the protocols for their exchange.

– The OpenC2 Language Specification provides the semantics for the essential elements of the language, the structure for commands and responses, and the schema that defines the proper syntax for the language elements that represents the command or response.

– The Profile for Stateless Packet Filtering Version is a cyber defense mechanism that denies or allows traffic based on static properties of the traffic, such as address, port, protocol, etc. This profile defines the Actions, Targets, Specifiers, and Options that are consistent with version 1.0 of the OpenC2 Language Specification.

– The Specification for Transfer of OpenC2 Messages via HTTPS is a concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. HTTP over TLS is a widely deployed transfer protocol that provides an authenticated, ordered, lossless delivery of uniquely-identified messages. This document specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages.

These Committee Specifications are OASIS deliverables, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Open Command and Control (OpenC2) Language Specification Version 1.0
Committee Specification 01
11 July 2019

Editable source (Authoritative):
https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.md
HTML:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.pdf

Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0
Committee Specification 01
11 July 2019

Editable source (Authoritative):
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/cs01/oc2slpf-v1.0-cs01.md
HTML:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/cs01/oc2slpf-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/cs01/oc2slpf-v1.0-cs01.pdf

Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0
Committee Specification 01
11 July 2019

Editable source (Authoritative):
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/cs01/open-impl-https-v1.0-cs01.md
HTML:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/cs01/open-impl-https-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/cs01/open-impl-https-v1.0-cs01.pdf

For your convenience, OASIS provides a complete package of the prose specification and related files in ZIP distribution files. You can download the ZIP files here:
– OpenC2 Language Specification: http://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.zip
– OpenC2 Profile for Stateless Packet Filtering: http://docs.oasis-open.org/openc2/oc2slpf/v1.0/cs01/oc2slpf-v1.0-cs01.zip
– Specification for Transfer of OpenC2 Messages via HTTPS: http://docs.oasis-open.org/openc2/open-impl-https/v1.0/cs01/open-impl-https-v1.0-cs01.zip

Members of the OpenC2 TC [1] approved these specifications by Special Majority Vote. The specifications had been released for public review as required by the TC Process [2]. The vote to approve as Committee Specifications passed [3], and the documents are now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:
[1] OASIS Open Command and Control (OpenC2) TC
https://www.oasis-open.org/committees/openc2/

[2] Public reviews:
– 30-day public review, 09 November 2018:
https://lists.oasis-open.org/archives/openc2/201811/msg00005.html
– Comment resolution logs:
OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd01/oc2ls-v1.0-csprd01-comment-resolution-log.pdf
OpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd01/oc2slpf-v1.0-csprd01-comment-resolution-log.pdf
Transfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd01/open-impl-https-v1.0-csprd01-comment-resolution-log.pdf

– 15-day public review, 13 April 2019:
https://lists.oasis-open.org/archives/members/201904/msg00005.html
– Comment resolution logs:
OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02-comment-resolution-log.pdf
OpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02-comment-resolution-log.pdf
Transfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02-comment-resolution-log.pdf

– 15-day public review, 12 June 2019:
https://lists.oasis-open.org/archives/openc2/201906/msg00009.html
– Comment resolution logs:
OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd03/oc2ls-v1.0-csprd03-comment-resolution-log.txt
OpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd03/oc2slpf-v1.0-csprd03-comment-resolution-log.txt
Transfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd03/open-impl-https-v1.0-csprd03-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3413