Re: [cti] STIX/TAXII/ITU draft letter to discuss at today's meeting

[Bret Jordan <bj@ctin.us>]

Yeah it looks like Duncan just used a previous document and forgot to update that line. So yes, Duncan, please see the submitting TC line at the top. It is wrong.

Bret

On May 20, 2022, at 2:48 PM, Paul Patrick <ppatrick@darklight.ai> wrote:

You want to review the email as the link specified for TAXII is actually for the XACML standard

 

 

Paul Patrick

 

 

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Bret Jordan <bj@ctin.us>
Date: Friday, May 20, 2022 at 2:50 PM
To: Duncan Sparrell <duncan@sfractal.com>
Cc: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
Subject: Re: [cti] STIX/TAXII/ITU draft letter to discuss at today's meeting

I fully support this.

 

Bret

 

On May 19, 2022, at 8:46 AM, duncan sfractal.com <duncan@sfractal.com> wrote:

 

According to the process Chet outlined, we will need to (1) agree that we would like to have STIX and TAXII made into ITU standards (2) draft a letter to be sent by OASIS to itâs membership along the line of the text below. I drafted this to help with the discussion.

 

-- 

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at 

http://vsre.info/

 

 

 

Dear OASIS members,

 

The members of the OASIS Cyber Threat Intelligence (CTI) Technical Committee (TC) [1] have requested that OASIS submit the following OASIS Standards:

 

STIX Version 2.1

OASIS Standard

10 June 2021

 

TAXII Version 2.1

OASIS Standard

10 June 2021

 

to ITU-T Study Group 17 [2] for approval as an ITU-T Recommendation under the attached Terms of Submission. OASIS has the appropriate liaison relationship with ITU-T SG-17 to make this submission.

 

The OASIS Liaison Policy [3] requires that management approve or reject the Request as meeting the policy's requirements; if it is accepted, the policy requires that the Request be posted for member review for 30 days, for comment on the proposed terms, before transmitting it to ITU-T. As the request has met the requirements, I now announce the member review.

 

Structured Threat Information _expression_ (STIX) Version 2.1 was approved as an OASIS Standard in June 2021 and is available here:

 

https://www.oasis-open.org/standard/stix-version-2-1/

 

Trusted Automated Exchange of Intelligence Information (TAXII) Version 2.1 was approved as an OASIS Standard in June 2021 and is available here:

https://docs.oasis-open.org/xacml/xacml-json-http/v1.1/os/xacml-json-http-v1.1-os.html

 

The request meets each of the applicable criteria of the Liaison Policy, and is attached to this message.

 

Member Review Period:

 

The member public review starts {date} at 00:00 GMT and ends {date} at 23:59 GMT.

 

This is an open invitation to OASIS members to comment on the proposed terms of submission, described in the Request. Comments may be submitted by any OASIS member to the TC by directing them to the oasis-member-discuss@lists.oasis-open.org mailing list. Members should not need to subscribe to the list; as each member should be able to use it automatically. If you have a problem posting to it, let us know.Ã Please direct any other questions to tc-administration@lists.oasis-open.org.

 

Comments submitted to that list are publicly archived and can be viewed at:

 

https://lists.oasis-open.org/archives/oasis-member-discuss/

 

========== Additional references:

 

[1] Cyber Threat Intelligence Technical Committee: https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cti

[2] ITU-T SG-17: https://www.itu.int/en/ITU-T/studygroups/2022-2024/17/Pages/default.aspx

[3] OASIS Liaison Policy:

https://www.oasis-open.org/policies-guidelines/liaison#submitwork

 

--