Re: [cti] EUROPE adopts STIX and TAXII

[Tony Rutkowski <tony@yaanatech.co.uk>]

Jason,

This occurred because those platforms were introduced at their inception into the ETSI Technical Committee on Cyber Security (TC CYBER) via the OASIS-ETSI MoU.  TC CYBER took several steps.  It included the platforms within a Technical Report on structured information sharing.  See TR 103331.  It then explicitly included the platforms in a published Technical Report that the platforms are essential to the EU implementation of the Network Information Security (NIS) Directive.  See TR 103456.   This was an especially significant step because of ETSI's formal relationship with the EU.  Within the EU governance system, ETSI enjoys special status somewhat unique special status as (along with CEN/CENELEC) the designated standards body for sector standards among EU Member countries.

It also published the specifications within two other published works (TR 103303 on critical infrastructure protection and TR103303, the Global Cyber Security Ecosystem encyclopedic work, worked jointly with ENISA to make a similar recommendation.  Lastly, it also highlighted the platforms at the annual ETSI Security Week workshops over the past three years which include representatives from the EC and most EU Members.   The work also continues.  At the next plenary meeting in February, TR 103333 is being updated to include the latest OASIS CTI specification developments.

All the documents are publicly, freely available and well-versioned with persistent identifiers at ETSI's document site.  See https://portal.etsi.org/webapp/WorkProgram/SimpleSearch/QueryForm.asp
The portal for all technical committee groups, including the massive ensemble of 3GPP which develops the world's mobile communication standards, and for NFV, among others, is at https://portal.etsi.org/

--tony (ETSI-OASIS liaison, work item rapporteur, and ENISA expert at work)

On 09-Jan-18 3:16 PM, Jason Keirstead wrote:

I don't know anything at all about this process - but I noticed it specifically mentions the STIX 1.2 and TAXII 1.1 versions.

        ‘Structured Threat Information _expression_’ (‘STIX 1.2’) and ‘Trusted Automated Exchange of Indicator Information’ (‘TAXII 1.1’) developed by the Organization for the Advancement of Structured Information Standards (‘OASIS’).

How would we get STIX 2.0 and TAXII 2.0 added to this? Anyone have any ideas? Or does it matter? Anyone have insights?


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

"Things may come to those who wait, but only the things left by those who hustle." - Unknown




From:        Chet Ensign <chet.ensign@oasis-open.org>
To:        Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org>
Cc:        OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Date:        01/09/2018 03:59 PM
Subject:        Re: [cti] EUROPE adopts STIX and TAXII
Sent by:        <cti@lists.oasis-open.org>

---

Let me add my congratulations folks. You've worked hard these past years. Seeing you get this recognition is a great start to 2018! 

Good work! 

/chet

On Tue, Jan 9, 2018 at 2:56 PM, Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org> wrote:
Dear Members of the CTI TC,

I have just been informed  that the EU has made a formal Decision to recognize the use of STIX 1.2 and TAXII 1.1 for use in public procurement.


Please see Commission Implementing Decision (EU) 2017/2288 of 11 December 2017:  http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1515520575463&uri=CELEX:32017D2288

Congratulations! This Decision covers all 28 EU countries and is also applied by the 4 EFTA countries.*

I am delighted that your excellent work has received such high level recognition.

Dr Carol Cosgrove-Sacks
Senior Advisor on International Standards Policy
OASIS

 

*(EU: Austria, Belgium,  Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland,  France, Germany, Greece, Hungary, Ireland,  Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and United Kingdom;

EFTA: Iceland, Liechtenstein, Norway and Switzerland.)

--




--

/chet 
----------------
Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society
http://www.oasis-open.org

Primary: +1 973-996-2298
Mobile: +1 201-341-1393