OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] F2F Update & Call for agenda topics

    Thanks from us for this also, Tony.    The legislation does indeed provide a whole bunch of new issues for info sharing -- but on the technical side, it certainly does look like a paved sidewalk to STIX/TAXII. 
    For what it's worth, it sounds like a great idea to use a manageable part of your F2F time to talk about how the TC wants to describe its work as fitting into this US mandate -- and how to do so without losing its potential character as a global voluntary toolset as well. 
    Obviously, having posted your slideset to the TC list, it's public via our archives now.   It's good stuff, so we may share it with a few other folks for general information, with the obvious warning that it's a company's view, not necessarily representing the TC's work or viewpoint. 
    Happy new year -- cordially, Jamie

James Bryce Clark, General Counsel
OASIS: Advancing open standards for the information society
Recent:  http://j.mp/globalcyber (OASIS-World Bank cybersec conference)
Recent:  http://www.iso.org/iso/catalogue_detail.htm?csnumber=66370 (UBL approved by ISO/IEC)

On Fri, Jan 1, 2016 at 6:26 AM, Tony Rutkowski <tony@yaanatech.com> wrote:
Hi Mark,

Happy New Year.

Two weeks ago, a rather significant and fast
moving "baby" was left at our collective doorstep
in the form of the Cybersecurity Act of 2015.
It is arguably the most significant cybersecurity
statutory enactment for the U.S. with implications
far beyond its shores.  It has major deliverables
required in fast order early this year.  It also is tightly
bound to the work for this Technical Committee.
It seems appropriate to add this subject to the
F2F agenda - based on the attached slide material.

What has been provide here is a "deconstruction"
of the Act to identify the requirements model,
architecture, interfaces, and expressions required
by the Act.  It is worth noting that the information
exchange model here has a tight binding to OASIS
generally, and the architectures are common to
others established by many other government
established compliance obligations creating
information sharing interfaces.

The slides provide model basics, the embedded
architecture and interfaces, the exchange expressions,
timeline, and some "starter" questions and options.
A number of additional slides are attached that
provide reference information underlying those
questions and options.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]