OASIS Members and other interested parties,
OASIS is pleased to announce the availability of a new Committee Specification from the members of the Cyber Threat Intelligence (CTI) TC:
STIX Version 1.2.1
Committee Specification 01
05 May 2016
What is STIX and why is it important?
The Structured Threat Information _expression_ (STIX) is the result of a collaborative, community-driven effort to define and develop a framework for expressing cyber threat information in a way that enables cyber threat information sharing and cyber threat analysis. The STIX framework comprises a collection of extensible component specifications along with an overarching core specification and supporting specifications. STIX Version 1.2.1 provides an overview of those specifications and defines how they are used within the broader STIX framework.
About the TC:
The OASIS Cyber Threat Intelligence (CTI) TC is developing information representations and protocols to help industries, organizations, and governments model, analyze, and share cyber threat intelligence.
The TC has transitioned STIX (Structured Threat Information _expression_), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable _expression_) from the US Department of Homeland Security (DHS) for standardization under the OASIS open standards process. STIX Version 1.2.1 is the first of these to be released as an OASIS Committee Specification.
Members of the TC are currently working on the next generation of these specifications.
STIX, TAXII, and CybOX recently received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security.
The prose specifications and related files are available at:
- STIX Version 1.2.1. Part 1: Overview
- STIX Version 1.2.1. Part 2: Common
- STIX Version 1.2.1. Part 3: Core
- STIX Version 1.2.1. Part 4: Indicator
- STIX Version 1.2.1. Part 5: TTP
- STIX Version 1.2.1. Part 6: Incident
- STIX Version 1.2.1. Part 7: Threat Actor
- STIX Version 1.2.1. Part 8: Campaign
- STIX Version 1.2.1. Part 9: Course of Action
- STIX Version 1.2.1. Part 10: Exploit Target
- STIX Version 1.2.1. Part 11: Report
- STIX Version 1.2.1. Part 12: Default Extensions
- STIX Version 1.2.1. Part 13: Data Marking
- STIX Version 1.2.1. Part 14: Vocabularies
- STIX Version 1.2.1. Part 15: UML Model
- UML Model Serialization
Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
Members of the CTI TC  approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process . The vote to approve as a Committee Specification passed , and the document is now available online in the OASIS Library as referenced above.
Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.
========== Additional references:
 OASIS Cyber Threat Intelligence (CTI) TC
IPR Statements page:
 Public reviews:
 Approval ballot:
Director of Standards Development and TC Administration
OASIS: Advancing open standards for the information societyhttp://www.oasis-open.org
Primary: +1 973-996-2298
Mobile: +1 201-341-1393