Project news

30-day Public Review for #STIX V2.0 – ends April 6th

The OASIS Cyber Threat Intelligence (CTI) TC [1] members have recently approved a Committee Specification Draft (CSD) and submitted it for 30-day public review:

STIX™ Version 2.0
Committee Specification Draft 01 / Public Review Draft 01
24 February 2017

What is STIX and why is it important?

(Edited 3/9/17 to add: the TC has prepared a FAQ to explain why STIX was so extensively revised, explain changes to CybOX, etc. The FAQ is available at https://oasis-open.github.io/cti-documentation/stix/review.html)

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI). STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively. STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

In response to lessons learned in implementing previous versions, STIX has been significantly redesigned and, as a result, omits some of the objects and properties defined in STIX 1.2.1 (see STIX Version 1.2.1 Part 1: Overview at http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part1-overview.html). The objects chosen for inclusion in STIX 2.0 represent a minimally viable product (MVP) that fulfills basic consumer and producer requirements for CTI sharing. Objects and properties not included in STIX 2.0, but deemed necessary by the community, will be included in future releases.

About the TC:

The OASIS Cyber Threat Intelligence (CTI) TC is developing information representations and protocols to help industries, organizations, and governments model, analyze, and share cyber threat intelligence.

Public Review Period:

The public review starts 08 March 2017 at 00:00 UTC and ends 06 April 2017 at 23:59 UTC.

This is an open invitation to comment. OASIS solicits feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

URIs:

STIX Version 2.0 is a five-part specification. The prose documents and related files are available here:

– Part 1: STIX Core Concepts
Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part1-stix-core/stix-v2.0-csprd01-part1-stix-core.docx

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part1-stix-core/stix-v2.0-csprd01-part1-stix-core.html

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part1-stix-core/stix-v2.0-csprd01-part1-stix-core.pdf

– Part 2: STIX Objects
Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part2-stix-objects/stix-v2.0-csprd01-part2-stix-objects.docx

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part2-stix-objects/stix-v2.0-csprd01-part2-stix-objects.html

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part2-stix-objects/stix-v2.0-csprd01-part2-stix-objects.pdf

– Part 3: Cyber Observable Core Concepts
Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part3-cyber-observable-core/stix-v2.0-csprd01-part3-cyber-observable-core.docx

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part3-cyber-observable-core/stix-v2.0-csprd01-part3-cyber-observable-core.html

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part3-cyber-observable-core/stix-v2.0-csprd01-part3-cyber-observable-core.pdf

– Part 4: Cyber Observable Objects
Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part4-cyber-observable-objects/stix-v2.0-csprd01-part4-cyber-observable-objects.docx

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part4-cyber-observable-objects/stix-v2.0-csprd01-part4-cyber-observable-objects.html

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part4-cyber-observable-objects/stix-v2.0-csprd01-part4-cyber-observable-objects.pdf

– Part 5: STIX Patterning
Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part5-stix-patterning/stix-v2.0-csprd01-part5-stix-patterning.docx

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part5-stix-patterning/stix-v2.0-csprd01-part5-stix-patterning.html

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part5-stix-patterning/stix-v2.0-csprd01-part5-stix-patterning.pdf

ZIP distribution file (complete):

For your convenience, OASIS provides a complete package of the prose documents and related files in a ZIP distribution file. You can download the ZIP file here:

http://docs.oasis-open.org/cti/stix/v2.0/csprd01/stix-v2.0-csprd01.zip

Additional information about the specification and the CTI TC can be found at the TC’s public home page:

https://www.oasis-open.org/committees/cti/

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page, or directly at:

https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cti

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

https://lists.oasis-open.org/archives/cti-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of “STIX Version 2.0”, we call your attention to the OASIS IPR Policy [2] applicable especially [3] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

========== Additional references:

[1] OASIS Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/

[2] http://www.oasis-open.org/who/intellectualproperty.php

[3] http://www.oasis-open.org/committees/cti/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode