OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

emergency message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Conceptual threat/risk models and CTI/STIX

Oasis EDXL Stakeholders,

As many of you know, we are concurrently working on a specification within the Object Management Group (OMG) for an operational threats and risks model. The submission team has just released the second draft revision of this specification which we are releasing publicly for comment and community building as it works its way through the OMG process. We expect one more major revision prior to adoption.


The focus of this effort is different from Oasis CTI in three ways:

·         It is an “all threats/all risks” model inclusive of cyber and physical. STIX has been and will continue to be a major input into this effort for both general and cyber specific concerns. The intent of this broad scope is the federation of information from and between multiple domains such as Cyber, Critical Infrastructure, Law Enforcement, Emergency Management, Safety Engineering, Terrorist Prevention and others. As such the information for a particular domain is less detailed but more general as it focuses on what would be of interest across these domains and communities as we deal with sophisticated multi-dimensional attacks.

·         The foundation is a semantic conceptual model in UML, not a data model. Threat/risk defines no new exchange formats but provides the “semantic glue” between the many formats we have in different communities, both standards based and proprietary. This allows for federating and analyzing information from multiple sources as well as translating information between formats.

·         It brings together the more tactical “situational awareness” perspectives with enterprise and system risk management.


The other mappings included are NIEM (From the Justice/Public Safety Community) and NIST 800-53. We expect to add others over time, including Oasis EDXL.



This is a draft specification and input and engagement from the STIX community is welcome. Artifacts are available here:

·         Specification Document (PDF): http://www.threatrisk.org/spec/RevisedSubmission/Revised%20Operational%20Threat%20Risk%20Submission.pdf

·         Specification Document (.DOC): http://www.threatrisk.org/spec/RevisedSubmission/Revised%20Operational%20Threat%20Risk%20Submission.doc

·         Specification .ZIP with all models: http://www.threatrisk.org/spec/RevisedSubmission/Revised%20threat-risk%20Submission%20machine%20readable%20files.zip

·         Community portal: http://threatrisk.org/drupal/


We look forward to working together!

The threat/risk submission team.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]