OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: STIX 2.0 RC3



Thanks to a ton of work from the community, editors, and co-chairs we’ve been able to finalize STIX 2.0 RC3 and would like to kick off an informal (i.e., no ballot) two week review period (closing 11/22). The documents are available on Google Docs (links below) and in the attached .zip file (Word and PDF).


As a reminder, this STIX 2.0 Standards Track Work Product consists of five parts (documents):


-          Part 1, STIX Core

-          Part 2, STIX Objects

-          Part 3a, Cyber Observable Core Concepts

-          Part 3b, Cyber Observable Objects

-          Part 4, Patterning


Parts 1 and 2 are what used to be the STIX 2.0 specification as defined in RC2. RC2 underwent an official TC ballot and therefore we’ve tracked all changes to those documents in the attached CHANGELOG.txt and in the .zip. Parts 3a and 3b are what used to be known as CybOX and are now merged into the STIX work product as Cyber Observables. Part 4 is what used to be known as CybOX Patterning and is now merged into the STIX work product as Patterning. Parts 3a, 3b, and 4 have not undergone an official ballot and so there are no tracked changes since there’s nothing to track changes from.


Please take the time now to review the documents and provide feedback. At this point, we’re hoping to capture all feedback on the mailing lists to provide visibility into what will change. Feedback can either be in a marked-up Word document, PDF, or just in e-mail text. All changes will be discussed with the community and tracked.


Obviously you should give the entire package a comprehensive review if you can, but as a suggestion on priority:

-          Patterning is crucial to this effort and has not been through a ballot yet, so should be a high priority

-          Parts 3a and 3b (CybOX) are also very important and have not been through a ballot

-          Conformance clauses were added to all documents (towards the end)

-          The changelog below denotes changes in Parts 1 and 2 from what we approved for RC2. If you were generally happy with the documents in RC2, you can just review the changelog.


The STIX 2.0 Cover Page on Google Docs will take you to all 5 parts: https://docs.google.com/document/d/1yvqWaPPnPW-2NiVCLqzRszcx91ffMowfT5MmE9Nsy_w.


Thanks everyone,

STIX 2.0 editors and STIX/Cyber Observable co-chairs


This changelog applies to the overall document structure and to the details of Parts 1 and 2. Parts 3a, 3b, and 4 have not been previously approved by the TC and therefore we don't have a changelog.

Major Changes
-  Made STIX 2.0 a multi-part specification, splitting the old STIX 2.0 specification into core and objects. All documents are:
  - STIX Core
  - STIX Objects
  - Cyber Observable Core
  - Cyber Observable Objects
  - Patterning
-  Merged CybOX into STIX as â??Cyber Observablesâ??
  - Added Cyber Observable and Patterning sections to the overall introduction in STIX Core
  - Added Float and Integer datatypes (used in Cyber Observables) to STIX Core, removed Number as duplicative
  - Renamed â??CybOXâ?? to â??Cyber Observablesâ?? in the text
  - Removed the â??cyboxâ?? layer from Observed Data (flattened data model structure)
-  Updated Observed Data text (per previous e-mail) to clarify that itâ??s supposed to capture a single observation
-  Removed location attributes (deferred to future)
-  Removed the optionality around pattern language (deferred to future)
  - Removed pattern_lang attribute, pattern-lang-ov from Indicator/vocabs
  - Updated text to indicator talking about multiple pattern languages
-  In Report Type vocabulary, changed â??victim-targetâ?? to â??identityâ?? to align with new TLO
-  Added conformance clauses to all documents

Minor Changes
-  Corrected a typo in malware vocabulary (summary table did not match actual values)
-  Corrected multiple examples for errors and data model changes to Cyber Observable Objects and Patterning
-  Corrected grammar/punctuation in several places
-  Added a clarification to the list type to address some confusion about what to do if a list was required but you didnâ??t have data to fill it (â??If the property is required, the list MUST be present and MUST have at least one value.â??) 

Attachment: stix2.0rc3.zip
Description: stix2.0rc3.zip

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]