Subject: RE: ISAO Privacy and Security SWG
The DHS NPPD Privacy Office has done extensive work on this area in support of our Automated Indicator Initiative (AIS) - https://www.us-cert.gov/ais. In addition to a formal Privacy Impact Assessment (PIA) - https://www.us-cert.gov/sites/default/files/ais_files/PIA_NPPD-AIS.pdf, this has included a data-element-level analysis of potential PII concerns.
CTI TC STIX/TAXII Community,
The Information Sharing and Analysis Organizations (ISAO) Working Group Sub-working Group 4 (SWG4) on Privacy and Security is drafting guidance documents for the emerging ISAO Community. They requested that we reach out to the STIX/TAXII community for information on whether some STIX fields are at a higher risk for containing personal information (privacy risk) or containing information that might pose a security risk (e.g. expose network details that might be taken advantage of). If there are any summaries of security and privacy risks that may have been discussed during the development of STIX and TAXII, they would also be useful. The SWG4 draft documents are available for direct review and comment (https://www.isao.org/products/drafts/) but I am happy to gather thoughts from the CTI TC list and submit them to the SWG.
Thanks so much,
Enhance Shared Situational Awareness (ESSA) Systems Engineering Team
Johns Hopkins Applied Physics Laboratory
443-778-6989 / Baltimore
240-228-6989 / Washington
Office hours: 8:00 to 2:00 Mon - Thur