OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Fw: Re: [cti-comment] Comment Resolution Log for STIX 2.1 CSD 05 Public Review


Please see below the comment that I received from Chris Carlson. There was a technical difficulty in getting this comment on-list.
 
Emily Ratliff
STSM, Security Architect
IBM Security
 
 
----- Original message -----
From: Christopher Carlson <chris@ctcarlson.com>
To: Emily Ratliff <Emily.Ratliff@ibm.com>
Cc:
Subject: [EXTERNAL] Re: [cti-comment] Comment Resolution Log for STIX 2.1 CSD 05 Public Review
Date: Fri, Jan 15, 2021 12:58 PM
 
Here is the content that I provided:
 
Recommended Change to Section 4.3.1, Course of Action - Properties
 
Add one more Property:
 
Property Name: function (optional)
Type: list of type open-vocab; 
Description: The values for this property SHOULD come from the course-of-action-ov   open vocabulary.
 
Add one more STIX Vocabulary to support this change 
Cybersecurity Framework Function Vocabulary.
Vocabulary Name: course-of-action-ov
 
The course of action type vocabulary is currently used in the following SDO(s):
  • Course of Action
 
The course of action type is an open vocabulary that provides a high-level characterization of the function to be provided by a Course of Action. For example, a recovery course of action improves the ability to facilitate recovery from an incident. A course of action may improve more than one course of action type, such as detecting and responding to an incident.
 
 
Values should be drawn from the NIST Cybersecurity Framework, Table 1 "Function" column shown below (document available at https://www.nist.gov/cyberframework) . 
image.png
 
The benefit of this additional information is that it can assist organizing security control improvement projects to reduce the probability of loss events.
 
Thanks,
 
Christopher Carlson
C T Carlson LLC
 
 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]