Absolutely - we should adopt IEP. Patrick Maroney Principal Engineer - Data Science & Analytics (609)841-5104
Strongly encouraged
I concur as well – the addition of IEP could greatly enhance our collective ability to specify, and comply with, policies for handling machine-readable
CTI!
Thanks Matt.
Any others who want to chime in?
On May 2, 2017, at 6:29 AM, Carothers, Matt (CCI-Atlanta) via iep-sig (via iep-sig Mailing List) <iep-sig@lists.first.org> wrote:
I’m a big fan of the IEP, and I’d like to see it included.
Just checking with everyone to see their thoughts on the suggestion to add IEP v2 to STIX 2.1. Does anyone at all have any objections to this being an additional method for producers to describe in greater detail
what consumers can do with the data? People could still use TLP if they wished (although IEP includes TLP and a lot more besides).
Terry MacDonald | Chief Product Officer
I've got an update on the FIRST Information Exchange Policy (IEP) Framework work currently being done within the FIRST IEP-SIG.
For those of you who have never heard of IEP, it is a JSON based way for threat intel producers to inform recipients of how they are allowed to use the data threat intel they receive. It extends the Traffic Light
Protocol (TLP) to fill a lot of the gaps, removing ambiguity when sharing information..
IEP version 2.0 differs from IEP version 1.0 in that it now allows threat intel to reference remote IEP policies. This allows communities to create a network accessible IEPJ file, and all threat intel to just reference
that url. We plan on drafting some standard IEP policies to help kick start the process off.
You can view more about the draft IEP Framework documents in the attached documentation:
·
FIRST_IEP_Framework_2_20170418.pdf describes the IEP Framework at a high level
·
FIRST_IEP_2_JSON_20170104.pdf describes the JSON implementation of the IEP Framework.
We know that IEP would provide a lot of value to STIX 2.1, as it would clear up a lot of the confusion that recipients have regarding how they can use they data they receive. For this reason, we
have created a draft STIX Data Marking object specifically for IEP, and we submit this to the community for inclusion in STIX 2.1. STIX2.1Proposal-InformationExchangePolicyMarkingObjectType.pdf describes our proposal in greater depth.
Terry MacDonald | Chief Product Officer
___________________________________________________________
This is a FIRST restricted and confidential mailing list.
Do not Forward, Cc, Bcc, copy or summarize this email
outside of the FIRST community without the express
permission of the content owner(s).
FIRST.Org Lists
___________________________________________________________
This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited.
If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.
|