OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Re: STIX 2.1: Adding IEP Framework to STIX 2.1

Hi Terry,

 

Thanks for sending this in. Are you available to present at a working call (perhaps next week) to give a 10-15 minute presentation on the proposal? The goal out of that session would be to determine if the TC wants to include the proposal in 2.1 and, if so, where it should be placed on the 2.1 roadmap.

 

I’ll also take some time to look through your proposal in more detail, hopefully others can do the same so we go to that session prepared.

 

Thanks,

John

 

From: <cti-stix@lists.oasis-open.org> on behalf of Terry MacDonald <terry.macdonald@cosive.com>
Date: Monday, May 1, 2017 at 9:00 PM
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, "iep-sig@first.org" <iep-sig@first.org>
Subject: [cti-stix] Re: STIX 2.1: Adding IEP Framework to STIX 2.1

 

Hi All,

 

Just checking with everyone to see their thoughts on the suggestion to add IEP v2 to STIX 2.1. Does anyone at all have any objections to this being an additional method for producers to describe in greater detail what consumers can do with the data? People could still use TLP if they wished (although IEP includes TLP and a lot more besides).


Cheers

 

Terry MacDonald | Chief Product Officer

 

 

 

 

 

 

On Sun, Apr 30, 2017 at 9:22 AM, Terry MacDonald <terry.macdonald@cosive.com> wrote:

Hi All,

 

I've got an update on the FIRST Information Exchange Policy (IEP) Framework work currently being done within the FIRST IEP-SIG. 

 

For those of you who have never heard of IEP, it is a JSON based way for threat intel producers to inform recipients of how they are allowed to use the data threat intel they receive. It extends the Traffic Light Protocol (TLP) to fill a lot of the gaps, removing ambiguity when sharing information..

 

IEP version 2.0 differs from IEP version 1.0 in that it now allows threat intel to reference remote IEP policies. This allows communities to create a network accessible IEPJ file, and all threat intel to just reference that url. We plan on drafting some standard IEP policies to help kick start the process off. 

 

You can view more about the draft IEP Framework documents in the attached documentation:

  • FIRST_IEP_Framework_2_20170418.pdf describes the IEP Framework at a high level
  • FIRST_IEP_2_JSON_20170104.pdf describes the JSON implementation of the IEP Framework.

We know that IEP would provide a lot of value to STIX 2.1, as it would clear up a lot of the confusion that recipients have regarding how they can use they data they receive. For this reason, we have created a draft STIX Data Marking object specifically for IEP, and we submit this to the community for inclusion in STIX 2.1.  STIX2.1Proposal-InformationExchangePolicyMarkingObjectType.pdf describes our proposal in greater depth.

 

Cheers

 

Terry MacDonald | Chief Product Officer

 

 

 

 

 

 

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]