Thanks Jamie.
Understanding what this means with respect to public procurements of the latest versions of STIX/TAXII will be helpful. In the meantime, we’re all thrilled about this decision on the part of the EU!
Thanks,
Rich
From: Jamie Clark <jamie.clark@oasis-open.org>
Date: Tuesday, January 9, 2018 at 6:02 PM
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>, Trey Darley <trey@newcontext.com>, OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Cc: Chet Ensign <chet.ensign@oasis-open.org>, Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org>, Richard Struse <rjs@mitre.org>
Subject: Re: [cti] EUROPE adopts STIX and TAXII
Hi guys. Congrats. This EU approval process is a fairly formal and long-lead-time drill. Also, nominations come only from EU member-state public administrations, not us. Carol and I assist with that process somewhat, but it's ultimately
sent to the Commission itself, via several review processes (including a panel on which Carol serves). We can look into whether a re-review (or some other appropriate pointer) would be appropriate for v2.
Cordially Jamie
PS attached is the simple PDF/EN version, FWIW.
On Tue, Jan 9, 2018 at 12:16 PM, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:
I don't know anything at all about this process - but I noticed it specifically mentions the STIX 1.2 and TAXII 1.1 versions.
‘Structured Threat Information _expression_’ (‘STIX 1.2’) and ‘Trusted Automated Exchange of Indicator Information’ (‘TAXII 1.1’) developed by the Organization for the Advancement of Structured Information Standards (‘OASIS’).
How would we get STIX 2.0 and TAXII 2.0 added to this? Anyone have any ideas? Or does it matter? Anyone have insights?
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
From: Chet Ensign <chet.ensign@oasis-open.org>
To: Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org>
Cc: OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Date: 01/09/2018 03:59 PM
Subject: Re: [cti] EUROPE adopts STIX and TAXII
Sent by: <cti@lists.oasis-open.org>
Let me add my congratulations folks. You've worked hard these past years. Seeing you get this recognition is a great start to 2018!
Good work!
/chet
On Tue, Jan 9, 2018 at 2:56 PM, Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org>
wrote:
Dear Members of the CTI TC,
I have just been informed that the EU has made a formal Decision to recognize the use of STIX 1.2 and TAXII 1.1 for use in public procurement.
Please see Commission Implementing Decision (EU) 2017/2288 of 11 December 2017: http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1515520575463&uri=CELEX:32017D2288
Congratulations! This Decision covers all 28 EU countries and is also applied by the 4 EFTA countries.*
I am delighted that your excellent work has received such high level recognition.
Dr Carol Cosgrove-Sacks
Senior Advisor on International Standards Policy
OASIS
*(EU: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands,
Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and United Kingdom;
EFTA: Iceland, Liechtenstein, Norway and Switzerland.)
--
--
/chet
----------------
Chet Ensign
Director of Standards Development and TC Administration
OASIS: Advancing open standards for the information society
http://www.oasis-open.org
Primary: +1 973-996-2298
Mobile: +1 201-341-1393
|