RE: [cti] EUROPE adopts STIX and TAXII

["JE" <je@cybersecurityscout.eu>]

Dear all,

 

The listing was based on Regulation (EU) No. 1025/2012 on European standardisation (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2012:316:0012:0033:EN:PDF) that lays down in its Article 13 the procedure for the identification of ICT technical specifications which are not issued by European, international or national standardisation organisations but that still could be referenced in public procurement acts by public authorities, provided that these ICT specifications comply with the requirements set by Annex II of the Regulation. The process was supported by Freddy/EclecticIQ, Trey/NewContext and myself to cover the part of external expert consultation … of course we have governance procedures for this in EU as well ,-) This does not make use of STIX/TAXI as feature or using products being compliant to it mandatory but is the first step as it is now on the list of eligible features/supported spec to be evaluated as a decisive feature/functionality. First and important step to open an eco system.

 

In addition to what Tony contributed form the ETSI perspective the I took similar steps within European standardization work (mandated by council and parliament) within Cyber Security Focus Group (see https://www.cencenelec.eu/standards/sectors/defencesecurityprivacy/security/pages/cybersecurity.aspx) and upcoming CEN/CENELEC TC 13 which is about strategic advisory on where/how to standardize in close cooperation with ENISA. Also keeping relation and exchange with ETSI but working based on a EU mandate. If STIX/TAXI would be already “accredited” by eligible national or international standard organization like NIST or ISO we could easily have it transferred into a matching European standard as we did already with some of the ISO standards on e.g. IT forensics. But actually as STIX/TAXI is more about protocol and structured language it still would have to be evaluated if it makes sense to lift it in this level of standardization or rather produce a more generic standard which could be met then by utilizing STIX/TAXI.

 

Happy to elaborate further p2p or provide an overview on the European standardization landscape when possibly meeting f2f during RSA Conference in SF.

 

Cheers from Germany,

Joerg

 

 

 

From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Tony Rutkowski
Sent: Wednesday, January 10, 2018 13:02
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>; Chet Ensign <chet.ensign@oasis-open.org>
Cc: Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org>; OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Subject: Re: [cti] EUROPE adopts STIX and TAXII

 

Jason,

This occurred because those platforms were introduced at their inception into the ETSI Technical Committee on Cyber Security (TC CYBER) via the OASIS-ETSI MoU.  TC CYBER took several steps.  It included the platforms within a Technical Report on structured information sharing.  See TR 103331.  It then explicitly included the platforms in a published Technical Report that the platforms are essential to the EU implementation of the Network Information Security (NIS) Directive.  See TR 103456.   This was an especially significant step because of ETSI's formal relationship with the EU.  Within the EU governance system, ETSI enjoys special status somewhat unique special status as (along with CEN/CENELEC) the designated standards body for sector standards among EU Member countries.

It also published the specifications within two other published works (TR 103303 on critical infrastructure protection and TR103303, the Global Cyber Security Ecosystem encyclopedic work, worked jointly with ENISA to make a similar recommendation.  Lastly, it also highlighted the platforms at the annual ETSI Security Week workshops over the past three years which include representatives from the EC and most EU Members.   The work also continues.  At the next plenary meeting in February, TR 103333 is being updated to include the latest OASIS CTI specification developments.

All the documents are publicly, freely available and well-versioned with persistent identifiers at ETSI's document site.  See https://portal.etsi.org/webapp/WorkProgram/SimpleSearch/QueryForm.asp
The portal for all technical committee groups, including the massive ensemble of 3GPP which develops the world's mobile communication standards, and for NFV, among others, is at https://portal.etsi.org/

--tony (ETSI-OASIS liaison, work item rapporteur, and ENISA expert at work)

 

On 09-Jan-18 3:16 PM, Jason Keirstead wrote:

I don't know anything at all about this process - but I noticed it specifically mentions the STIX 1.2 and TAXII 1.1 versions.

        ‘Structured Threat Information _expression_’ (‘STIX 1.2’) and ‘Trusted Automated Exchange of Indicator Information’ (‘TAXII 1.1’) developed by the Organization for the Advancement of Structured Information Standards (‘OASIS’).

How would we get STIX 2.0 and TAXII 2.0 added to this? Anyone have any ideas? Or does it matter? Anyone have insights?


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

"Things may come to those who wait, but only the things left by those who hustle." - Unknown




From:        Chet Ensign <chet.ensign@oasis-open.org>
To:        Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org>
Cc:        OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Date:        01/09/2018 03:59 PM
Subject:        Re: [cti] EUROPE adopts STIX and TAXII
Sent by:        <cti@lists.oasis-open.org>

---

Let me add my congratulations folks. You've worked hard these past years. Seeing you get this recognition is a great start to 2018! 

Good work! 

/chet

On Tue, Jan 9, 2018 at 2:56 PM, Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org> wrote:
Dear Members of the CTI TC,

I have just been informed  that the EU has made a formal Decision to recognize the use of STIX 1.2 and TAXII 1.1 for use in public procurement.


Please see Commission Implementing Decision (EU) 2017/2288 of 11 December 2017:  http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1515520575463&uri=CELEX:32017D2288

Congratulations! This Decision covers all 28 EU countries and is also applied by the 4 EFTA countries.*

I am delighted that your excellent work has received such high level recognition.

Dr Carol Cosgrove-Sacks
Senior Advisor on International Standards Policy
OASIS

 

*(EU: Austria, Belgium,  Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland,  France, Germany, Greece, Hungary, Ireland,  Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and United Kingdom;

EFTA: Iceland, Liechtenstein, Norway and Switzerland.)

--




--

/chet 
----------------
Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society
http://www.oasis-open.org

Primary: +1 973-996-2298
Mobile: +1 201-341-1393