[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] RE: [iep-sig] STIX 2.1: Adding IEP Framework to STIX 2.1
Strongly encouraged
From: <cti-stix@lists.oasis-open.org>
on behalf of "Struse, Richard" <Richard.Struse@HQ.DHS.GOV>
Date: Tuesday, May 2, 2017 at 2:56 PM
To: Merike Kaeo <merike@fsi.io>,
"Carothers, Matt (CCI-Atlanta)" <Matt.Carothers@cox.com>
Cc: Terry MacDonald <terry.macdonald@cosive.com>,
"cti-stix@lists.oasis-open.org"
<cti-stix@lists.oasis-open.org>,
"iep-sig@first.org"
<iep-sig@first.org>
Subject: [cti-stix] RE: [iep-sig] STIX 2.1: Adding IEP Framework to
STIX 2.1
I concur as well – the addition of IEP could greatly enhance our collective ability to specify, and comply with, policies for handling machine-readable CTI!
From: iep-sig-request@lists.first.org[mailto:iep-sig-request@lists.first.org]
On Behalf Of Merike Kaeo via iep-sig
Sent: Tuesday, May 02, 2017 2:15 PM
To: Carothers, Matt (CCI-Atlanta)
Cc: Terry MacDonald; cti-stix@lists.oasis-open.org;
iep-sig@first.org
Subject: Re: [iep-sig] STIX 2.1: Adding IEP Framework to STIX 2.1
Thanks Matt.
Any others who want to chime in?
- merike
On May 2, 2017, at 6:29 AM, Carothers, Matt (CCI-Atlanta)
via iep-sig (via iep-sig Mailing List) <iep-sig@lists.first.org>
wrote:
I’m a big fan of the IEP, and I’d like to see it included.
- Matt
From: iep-sig-request@lists.first.org [mailto:iep-sig-request@lists.first.org] On
Behalf Of Terry MacDonald via iep-sig
Sent: Monday, May 1, 2017 9:01 PM
To: cti-stix@lists.oasis-open.org; iep-sig@first.org
Subject: Re: [iep-sig] STIX 2.1: Adding IEP Framework to STIX
2.1
Hi All,
Just checking with everyone to see their thoughts on the suggestion to add IEP v2 to STIX 2.1. Does anyone at all have any objections to this being an additional method for producers to describe in greater detail what consumers can do with the data? People could still use TLP if they wished (although IEP includes TLP and a lot more besides).
Cheers
Terry MacDonald | Chief Product Officer
<image001.png>
On Sun, Apr 30, 2017 at 9:22 AM, Terry MacDonald <terry.macdonald@cosive.com>
wrote:
Hi All,
I've got an update on the FIRST Information Exchange Policy (IEP) Framework work currently being done within the FIRST IEP-SIG.
For those of you who have never heard of IEP, it is a JSON based way for threat intel producers to inform recipients of how they are allowed to use the data threat intel they receive. It extends the Traffic Light Protocol (TLP) to fill a lot of the gaps, removing ambiguity when sharing information..
IEP version 2.0 differs from IEP version 1.0 in that it now allows threat intel to reference remote IEP policies. This allows communities to create a network accessible IEPJ file, and all threat intel to just reference that url. We plan on drafting some standard IEP policies to help kick start the process off.
You can view more about the draft IEP Framework documents in the attached documentation:
· FIRST_IEP_Framework_2_20170418.pdf describes the IEP Framework at a high level
· FIRST_IEP_2_JSON_20170104.pdf describes the JSON implementation of the IEP Framework.
We know that IEP would provide a lot of value to STIX 2.1, as it would clear up a lot of the confusion that recipients have regarding how they can use they data they receive. For this reason, we have created a draft STIX Data Marking object specifically for IEP, and we submit this to the community for inclusion in STIX 2.1. STIX2.1Proposal-InformationExchangePolicyMarkingObjectType.pdf describes our proposal in greater depth.
Cheers
Terry MacDonald | Chief Product Officer
<image001.png>
___________________________________________________________
This is a FIRST restricted and confidential mailing list.
Do not Forward, Cc, Bcc, copy or summarize this email
outside of the FIRST community without the express
permission of the content owner(s).
FIRST.Org Lists
___________________________________________________________
This email and any attachments thereto may contain private,
confidential, and/or privileged material for the sole use of the intended
recipient. Any review, copying, or distribution of this email (or any attachments
thereto) by others is strictly prohibited. If you are not the intended
recipient, please contact the sender immediately and permanently delete
the original and any copies of this email and any attachments thereto.
--
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]