Cybersecurity
StandardTAXII Version 2.1
An application layer protocol for the communication of cyber threat information in a simple and scalable manner. This specification defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations.
TAXII Version 2.1
An application layer protocol for the communication of cyber threat information in a simple and scalable manner. This specification defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations.
Produced by:
OASIS Cyber Threat Intelligence (CTI) TCVoting history:
January 2020
OASIS Standard:
Cite as:
Cite as:
[TAXII-v2.1]
TAXII(TM) Version 2.1. Edited by Bret Jordan and Drew Varner. 27 January 2020. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.html. Latest version: http://docs.oasis-open.org/cti/taxii/v2.0/taxii-v2.0.html.
StandardOpen Command and Control (OpenC2) Language Specification Version 1.0
A concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. It should be understood that a language such as OpenC2 is necessary but insufficient to enable coordinated cyber responses that occur within cyber relevant time. Other aspects of coordinated cyber response such as sensing, analytics, and selecting appropriate courses of action are beyond the scope of OpenC2.
Open Command and Control (OpenC2) Language Specification Version 1.0
A concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. It should be understood that a language such as OpenC2 is necessary but insufficient to enable coordinated cyber responses that occur within cyber relevant time. Other aspects of coordinated cyber response such as sensing, analytics, and selecting appropriate courses of action are beyond the scope of OpenC2.
Produced by:
OASIS Open Command and Control (OpenC2) TCVoting history:
November 2019
OASIS Standard:
Cite as:
Cite as:
[OpenC2-Lang-v1.0] Open Command and Control (OpenC2) Language Specification Version 1.0.
Edited by Jason Romano and Duncan Sparrell. 24 November 2019. OASIS Committee Specification 02.
https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.html.
Latest version: https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.html.
StandardOpen Command and Control (OpenC2) Language Specification Version 1.0
A concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. It should be understood that a language such as OpenC2 is necessary but insufficient to enable coordinated cyber responses that occur within cyber relevant time. Other aspects of coordinated cyber response such as sensing, analytics, and selecting appropriate courses of action are beyond the scope of OpenC2.
Open Command and Control (OpenC2) Language Specification Version 1.0
A concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. It should be understood that a language such as OpenC2 is necessary but insufficient to enable coordinated cyber responses that occur within cyber relevant time. Other aspects of coordinated cyber response such as sensing, analytics, and selecting appropriate courses of action are beyond the scope of OpenC2.
Produced by:
OASIS Open Command and Control (OpenC2) TCVoting history:
July 2019
OASIS Standard:
Cite as:
Cite as:
[OpenC2-Lang-v1.0] Open Command and Control (OpenC2) Language Specification Version 1.0. Edited by Jason Romano and Duncan Sparrell. 11 July 2019. OASIS Committee Specification 01. https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.html. Latest version: https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.html.
StandardOpen Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0
A concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. Stateless packet filtering is a cyber defense mechanism that denies or allows traffic based on static properties of the traffic, such as address, port, protocol, etc. This profile defines the Actions, Targets, Specifiers and Options that are consistent with the version 1.0 of the OpenC2 Language Specification ([OpenC2-Lang-v1.0]) in the context of stateless packet filtering (SLPF).
Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0
A concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. Stateless packet filtering is a cyber defense mechanism that denies or allows traffic based on static properties of the traffic, such as address, port, protocol, etc. This profile defines the Actions, Targets, Specifiers and Options that are consistent with the version 1.0 of the OpenC2 Language Specification ([OpenC2-Lang-v1.0]) in the context of stateless packet filtering (SLPF).
Produced by:
OASIS Open Command and Control (OpenC2) TCVoting history:
July 2019
OASIS Standard:
Cite as:
Cite as:
[OpenC2-SLPF-v1.0] Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0. Edited by Joe Brule, Duncan Sparrell and Alex Everett. 11 July 2019. Committee Specification 01. https://docs.oasis-open.org/openc2/oc2slpf/v1.0/cs01/oc2slpf-v1.0-cs01.html. Latest version: https://docs.oasis-open.org/openc2/oc2slpf/v1.0/oc2slpf-v1.0.html.
StandardSpecification for Transfer of OpenC2 Messages via HTTPS Version 1.0d
Specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages.
Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0d
Specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages.
Produced by:
OASIS Open Command and Control (OpenC2) TCVoting history:
July 2019
OASIS Standard:
Cite as:
Cite as:
[OpenC2-HTTPS-v1.0] Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0. Edited by David Lemire. 11 July 2019. OASIS Committee Specification 01. https://docs.oasis-open.org/openc2/open-impl-https/v1.0/cs01/open-impl-https-v1.0-cs01.html. Latest version: https://docs.oasis-open.org/openc2/open-impl-https/v1.0/open-impl-https-v1.0.html.
CSAF Common Vulnerability Reporting Framework (#CVRF) V1.2 is now a Committee Specification
StandardCSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2
Definitive reference for the CSAF CVRF language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.
CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2
Definitive reference for the CSAF CVRF language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.
Produced by:
OASIS Common Security Advisory Framework (CSAF) TCVoting history:
September 2017
OASIS Standard:
Cite as:
Cite as:
[CVRF-v1.2]
CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2. Edited by Stefan Hagen. 13 September 2017. OASIS Committee Specification 01. http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html. Latest version: http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.html.
StandardSTIX(TM) Version 2.0
A language for expressing cyber threat and observable information. This document defines concepts that apply across all of STIX and defines the overall structure of the STIX language.
STIX(TM) Version 2.0
A language for expressing cyber threat and observable information. This document defines concepts that apply across all of STIX and defines the overall structure of the STIX language.
Produced by:
OASIS Cyber Threat Intelligence (CTI) TCVoting history:
July 2017
OASIS Standard:
Committee Specification 01
Part 1: STIX Core Concepts
HTML
PDF
DOCX
Part 2: STIX Objects
HTML
PDF
DOCX
Part 3: Cyber Observable Core Concepts
HTML
PDF
DOCX
Cite as:
Cite as:
[STIX-v2.0-Pt1-Core]
STIX(TM) Version 2.0. Part 1: STIX Core Concepts. Edited by Rich Piazza, John Wunder, and Bret Jordan. 19 July 2017. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html. Latest version: http://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part1-stix-core.html.
[STIX-v2.0-Pt2-Objects]
STIX(TM) Version 2.0. Part 2: STIX Objects. Edited by Rich Piazza, John Wunder, and Bret Jordan. 19 July 2017. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v2.0/cs01/part2-stix-objects/stix-v2.0-cs01-part2-stix-objects.html. Latest version: http://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part2-stix-objects.html.
[STIX-v2.0-Pt3-Cyb-Core]
STIX(TM) Version 2.0. Part 3: Cyber Observable Core Concepts. Edited by Trey Darley and Ivan Kirillov. 19 July 2017. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v2.0/cs01/part3-cyber-observable-core/stix-v2.0-cs01-part3-cyber-observable-core.html. Latest version: http://docs.oasis-open.org/cti/stix/v2.0/cs01/part3-cyber-observable-core/stix-v2.0-cs01-part3-cyber-observable-core.html.
[STIX-v2.0-Pt4-Cyb-Objects]
STIX(TM) Version 2.0. Part 4: Cyber Observable Objects. Edited by Trey Darley and Ivan Kirillov. 19 July 2017. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v2.0/cs01/part4-cyber-observable-objects/stix-v2.0-cs01-part4-cyber-observable-objects.html. Latest version: http://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part4-cyber-observable-objects.html.
[STIX-v2.0-Pt5-Patterning]
STIX(TM) Version 2.0. Part 5: STIX Patterning. Edited by Trey Darley and Ivan Kirillov. 19 July 2017. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v2.0/cs01/part5-stix-patterning/stix-v2.0-cs01-part5-stix-patterning.html. Latest version: "http://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part5-stix-patterning.html.
.
StandardTAXII(TM) Version 2.0
An application layer protocol for the communication of cyber threat information in a simple and scalable manner. This specification defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations.
TAXII(TM) Version 2.0
An application layer protocol for the communication of cyber threat information in a simple and scalable manner. This specification defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations.
Produced by:
OASIS Cyber Threat Intelligence (CTI) TCVoting history:
July 2017
OASIS Standard:
Cite as:
Cite as:
[TAXII-v2.0]
TAXII(TM) Version 2.0. Edited by John Wunder, Mark Davidson, and Bret Jordan. 19 July 2017. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v2.0/cs01/taxii-v2.0-cs01.html. Latest version: http://docs.oasis-open.org/cti/taxii/v2.0/taxii-v2.0.html.
StandardSTIX(TM) Version 1.2.1
A collaborative, community-driven effort to define and develop a framework for expressing cyber threat information to enable cyber threat information sharing and cyber threat analysis. The STIX framework comprises a collection of extensible component specifications along with an overarching core specification and supporting specifications. This document serves as an overview of those specifications and defines how they are used within the broader STIX framework.
STIX(TM) Version 1.2.1
A collaborative, community-driven effort to define and develop a framework for expressing cyber threat information to enable cyber threat information sharing and cyber threat analysis. The STIX framework comprises a collection of extensible component specifications along with an overarching core specification and supporting specifications. This document serves as an overview of those specifications and defines how they are used within the broader STIX framework.
Produced by:
OASIS Cyber Threat Intelligence (CTI) TCVoting history:
May 2016
OASIS Standard:
Committee Specification 01
Part 7: Threat Actor
HTML
PDF
DOCX
Part 9: Course of Action
HTML
PDF
DOCX
Part 10: Exploit Target
HTML
PDF
DOCX
Part 12: Default Extensions
HTML
PDF
DOCX
Part 13: Data Marking
HTML
PDF
DOCX
Part 14: Vocabularies
HTML
PDF
DOC
UML Model Serialization
http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/uml-model/
Cite as:
Cite as:
[STIX-v1.2.1-Overview]STIX(TM) Version 1.2.1. Part 1: Overview. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part1-overview/stix-v1.2.1-cs01-part1-overview.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part1-overview.html.
[STIX-v1.2.1-Common]STIX(TM) Version 1.2.1. Part 2: Common. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part2-common/stix-v1.2.1-cs01-part2-common.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part2-common.html.
[STIX-v1.2.1-Core]STIX(TM) Version 1.2.1. Part 3: Core. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part3-core/stix-v1.2.1-cs01-part3-core.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part3-core.html.
[STIX-v1.2.1-Indicator]STIX(TM) Version 1.2.1. Part 4: Indicator. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part4-indicator/stix-v1.2.1-cs01-part4-indicator.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part4-indicator.html.
[STIX-v1.2.1-TTP]STIX(TM) Version 1.2.1. Part 5: TTP. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part5-ttp/stix-v1.2.1-cs01-part5-ttp.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part5-ttp.html.
[STIX-v1.2.1-Incident]STIX(TM) Version 1.2.1. Part 6: Incident. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part6-incident/stix-v1.2.1-cs01-part6-incident.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part6-incident.html.
[STIX-v1.2.1-Threat-actor]STIX(TM) Version 1.2.1. Part 7: Threat Actor. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part7-threat-actor/stix-v1.2.1-cs01-part7-threat-actor.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part7-threat-actor.html.
[STIX-v1.2.1-Campaign]STIX(TM) Version 1.2.1. Part 8: Campaign. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part8-campaign/stix-v1.2.1-cs01-part8-campaign.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part8-campaign.html.
[STIX-v1.2.1-COA]STIX(TM) Version 1.2.1. Part 9: Course of Action. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part9-coa/stix-v1.2.1-cs01-part9-coa.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part9-coa.html.
[STIX-v1.2.1-Exploit-Target]STIX(TM) Version 1.2.1. Part 10: Exploit Target. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part10-exploit-target/stix-v1.2.1-cs01-part10-exploit-target.html. Latest version: ttp://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part10-exploit-target.html.
[STIX-v1.2.1-Report]STIX(TM) Version 1.2.1. Part 11: Report. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part11-report/stix-v1.2.1-cs01-part11-report.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part11-report.html.
[STIX-v1.2.1-Extensions]STIX(TM) Version 1.2.1. Part 12: Default Extensions. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part12-extensions/stix-v1.2.1-cs01-part12-extensions.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part12-extensions.html.
[STIX-v1.2.1-Data-Marking]STIX(TM) Version 1.2.1. Part 13: Data Marking. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part13-data-marking/stix-v1.2.1-cs01-part13-data-marking.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part13-data-marking.html.
[STIX-v1.2.1-Vocabularies]STIX(TM) Version 1.2.1. Part 14: Vocabularies. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part14-vocabularies/stix-v1.2.1-cs01-part14-vocabularies.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part14-vocabularies.html.
[STIX-v1.2.1-UML-Model]STIX(TM) Version 1.2.1. Part 15: UML Model. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part15-uml-model/stix-v1.2.1-cs01-part15-uml-model.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part15-uml-model.html.
Produced by:
OASIS Cyber Threat Intelligence (CTI) TCVoting history:
May 2016
OASIS Standard:
Committee Specification 01
Part 3: HTTP Protocol Binding
HTML
PDF
DOCX
Part 4: XML Message Binding
HTML
PDF
DOCX
Part 5: Default Query
HTML
PDF
DOCX
XML schemas
http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/schemas/
Cite as:
Cite as:
[TAXII-v1.1.1-Overview]TAXII(TM) Version 1.1.1. Part 1: Overview. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part1-overview/taxii-v1.1.1-cs01-part1-overview.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part1-overview.html.
[TAXII-v1.1.1-Services]TAXII(TM) Version 1.1.1. Part 2: Services. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part2-services/taxii-v1.1.1-cs01-part2-services.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part2-services.html.
[TAXII-v1.1.1-HTTP]TAXII(TM) Version 1.1.1. Part 3: HTTP Protocol Binding. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part3-http/taxii-v1.1.1-cs01-part3-http.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part3-http.html.
[TAXII-v1.1.1-XML-Msg]TAXII(TM) Version 1.1.1. Part 4: XML Message Binding. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part4-xml/taxii-v1.1.1-cs01-part4-xml.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part4-xml.html.
[TAXII-v1.1.1-Query]TAXII(TM) Version 1.1.1. Part 5: Default Query. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part5-query/taxii-v1.1.1-cs01-part5-query.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part5-query.html.
No results with the selected filters