Subject: Re: [cti-users] "Data Marking" syntaxes
Can we start driving this discussion to some sort of solution? So what about something like the following for a top level Indicator. Note, all marking/handling would be done at the top object level. If you had different sub needs, you would issue a different top level object. Once again, just throwing spaghetti at the wall trying to get anything to stick so we can start moving this discussion forward.

    {
      "type": "indicator",
      "marking": {
        "tlp-color": "white || green || amber || red || black",
        "share": "public || limited || no",
        "jurisdiction": ["EU", "Safe Harbour"],
        "anonymize": "true || false",
        "details": "some really long detailed text with extra context",
        "handeling": {
          "encrypt-at-rest": "true || false",
          "encrypt-in-transit": "true || false"
        }
      }
    }

This kind of structure will allow people in niche eco-systems to add proprietary fields at both the marking level and the handling level if they need to without breaking other people's code. I added a TLP color of "black" to be the magic decoder ring option for "there is extra stuff in this marking / handling that MUST be adhered to".

We would still need to come up with some general guidelines for the colors to help people make sense of them.

Thanks,

Bret

Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
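Added example, not part of the original message: a sketch of how a consumer could honour the proposed marking, ignoring proprietary fields it does not know unless the TLP color is "black", in which case it refuses the object unless every extra field is understood. The fail-closed reading of "black", the function name evaluate_marking, and the field "x-acme-retention" are assumptions made for illustration.

```python
import json

# Key names and allowed values are taken from the proposal above ("handeling"
# is spelled as posted). The fail-closed rule for "black" is an assumption.
TLP_COLORS = {"white", "green", "amber", "red", "black"}
SHARE_VALUES = {"public", "limited", "no"}
KNOWN_MARKING = {"tlp-color", "share", "jurisdiction", "anonymize",
                 "details", "handeling"}
KNOWN_HANDLING = {"encrypt-at-rest", "encrypt-in-transit"}


def evaluate_marking(obj, understood_extras=frozenset()):
    """Return (accepted, reasons) for one top-level object (hypothetical helper)."""
    marking = obj.get("marking")
    if not isinstance(marking, dict):
        return False, ["top-level object carries no marking"]
    reasons = []
    color = marking.get("tlp-color")
    if not isinstance(color, str) or color not in TLP_COLORS:
        reasons.append(f"unrecognised tlp-color {color!r}")
    share = marking.get("share", "no")
    if not isinstance(share, str) or share not in SHARE_VALUES:
        reasons.append(f"unrecognised share value {share!r}")
    handling = marking.get("handeling", {})
    if not isinstance(handling, dict):
        reasons.append("handeling is not an object")
        handling = {}
    # Proprietary fields may appear at the marking level or the handling level.
    extras = set(marking) - KNOWN_MARKING
    extras |= {f"handeling.{k}" for k in set(handling) - KNOWN_HANDLING}
    unknown = sorted(extras - set(understood_extras))
    # Non-black: unknown extras are ignored. Black: all must be understood.
    if color == "black" and unknown:
        reasons.append("black marking has fields not understood: "
                       + ", ".join(unknown))
    return not reasons, reasons


# Constructed sample object; "x-acme-retention" is a made-up proprietary field.
SAMPLE = '''{"type": "indicator", "marking": {"tlp-color": "%s",
  "share": "limited", "jurisdiction": ["EU"], "anonymize": "false",
  "handeling": {"encrypt-at-rest": "true", "x-acme-retention": "30d"}}}'''

if __name__ == "__main__":
    for color in ("green", "black"):
        print(color, evaluate_marking(json.loads(SAMPLE % color)))
```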