A new OASIS technical committee is being formed. The OASIS Heimdall Data Format (OHDF) Technical Committee (TC) has been proposed by the members of OASIS listed in the charter below. This is your invitation to join the TC and participate in the development of the specification if this is an area of interest to you. Note that contributions and technical discussions may not occur until the TC's first meeting, but introductions are welcome.
Â Â Â
The eligibility requirements for becoming a participant in the TC at the first meeting are:
(a) you must be an employee or designee of an OASIS member organization or an individual member of OASIS, and
(b) you must join the Technical Committee, which members may do by using the Roster "join group: link on the TC's web page at [a].
To be considered a voting member at the first meeting:
(a) you must join the Technical Committee at least 7 days prior to the first meeting (on or before 13 February 2023; and
(b) you must attend the first meeting of the TC, at the time and date fixed below (21 February 2023).
Participants also may join the TC at a later time. OASIS and the TC welcomes all interested parties.
Non-OASIS members who wish to participate may contact us about joining OASIS [b]. In addition, the public may access the information resources maintained for each TC: a mail list archive, document repository and public comments facility, which will be linked from the TC's public home page at [c].
Please feel free to forward this announcement to any other appropriate lists. OASIS is an open standards organization; we encourage your participation.
[b] See http://www.oasis-open.org/join/
âCALL FOR PARTICIPATIONâ
OASIS Heimdall Data Format (OHDF) Technical Committee Charter
The charter for this TC is as follows.
Section 1: TC Charter
(1)(a) TC Name
The OASIS Heimdall Data Format (OHDF) Technical Committee (TC)
(1)(b) Statement of Purpose
The purpose of the TC is to develop a standard format for exchanging normalized security data between cybersecurity tools. This data exchange specification will be called the OASIS Heimdall Data Format (OHDF).
In this context:
* 'Standardization' is the process of defining data elements in a consistent and contextualized manner.
* 'Normalization' is the process for mapping a format's data elements into another format's data elements.
Security tools typically generate data in unique formats that require multiple dashboards and utilities to process. This leads to a time-consuming process for completing security assessments, data in disparate locations and inconsistent semantics of a data element between formats. Furthermore, many security tools do not provide context to relevant compliance standards for comparison across security tools.
OHDF will provide a common data exchange format that:
* Enables the consistent integration, aggregation, and analysis of security data from all available sources
* Preserves data integrity with original source data
* Maximizes interoperability and data sharing
* Facilitates the transformation and transport of data between security/management processes or technologies
* Allows for the mapping and enrichment of security data to relevant compliance standards (GDPR, NIST SP 800-53, PCI-DSS, etc.)
The TC will update OHDF as industry needs evolve.
A standard vendor-agnostic data format supports cybersecurity product interoperability without the need for customized integrations.
Participating stakeholders and adaptors should benefit from this TC:
* For Commercial and Vendor Cybersecurity Partners, OHDF defines a standardized, interoperable target format that vendor tools can consume across their customer base consistently and that is easily managed within the product lifecycle.
* For the Open Source Community, OHDF enables easy integration with commercial solutions without the need for direct partnerships.
* For Government Agencies, OHDF can streamline business processes by having a standard, open source, machine-readable format for all security data.
* For Academia, OHDF offers a structured way to communicate and enhance research findings throughout the security community.
* For Corporate and Federal CISOs/CIOs, OHDF can increase visibility across the enterprise by taking advantage of normalized security data in a standard format that supports risk information interoperability from a broad range of inputs to support security risk decision-making.
* For Security Engineers, OHDF can reduce resource requirements for multiple security data types by standardizing formatting across disparate security tools.
* For Risk Managers, OHDF can improve decision making by using a standardized format to facilitate automation, standardize communication requirements, and inform risk-based analysis.
* For DevSecOps/Software Engineers, OHDF can streamline CI/CD processes by leveraging a standardized format to collate/aggregate normalized security data to support automated and continuous security processes.
The scope of work of the TC is to produce a specification that defines the OHDF format, as well as supporting documentation and open source content. The TC will draft specifications, lexicons, or other documents to allow exchange of security data in a standardized manner. The TC will leverage pre-existing standards to the greatest extent practical.
The TC will base its initial efforts on HDF specifications generated by The MITRE Corporation as part of the MITRE Security Automation Framework (MITRE SAF Â). MITRE SAF Â will contribute the open source specifications and related documentation developed for HDF to the OHDF TC.
Additionally, the TC will reference example implementations from MITRE SAF Â tooling for accessing and visualizing the data. It is expected that other organizations and interested individuals in the larger community will also develop implementations and tooling.
* An OASIS specification that defines the OASIS Heimdall Data Format (OHDF). (~6 months from start date)
* Other materials as necessary to ease adoption of the specification, such as: educational materials, supporting documentation, and open source content.
The OASIS Heimdall Data Format will be an evolving standard, and consequently this TC will continue to make changes and produce materials as required to adapt the format to any new security data considerations.
(1)(e) IPR Mode
This TC will operate under the Non-Assertion IPR mode as defined in Section 10.3 of the OASIS IPR Policy document.
* Corporate and Federal CISOs/CSOs
* Security data vendors
* Federal contractors
* National standards agencies and institutes, e.g., US National Institute of Standards and Technology (NIST)
(Optional References for Section 1)https://saf.mitre.org
(MITRE SAFÂ Home page)https://github.com/mitre/heimdall2/tree/master/libs/inspecjs
Section 2: Additional Information
(2)(a) Identification of Similar Work
The TC will consider the relationship of OHDF to the following standards:
* Asset Reporting Format (ARF) and Extensible Configuration Checklist Description Format (XCCDF) focuses on common configuration enumerations (CCE)
* Static Analysis Results Interchange Format (SARIF) describes common vulnerabilities and exposures (CVE) and common weakness enumerations (CWE)
* Open Command & Control (OpenC2) is a standardized language for the command and control of technologies that provide or support cyber defenses
* Posture Attribute Collection & Evaluation (PACE) is a project for understanding security posture which could benefit from OHDF as an input
* Structured Threat Information _expression_ (STIX) is a language and serialization format used to exchange cyber threat intelligence
* National Information Exchange Model (NIEM) is a standard for creating specific automated information exchanges within and across organizations and disciplines
Each of these specifications addresses a subset of the data exchange challenge. OHDF provides a way to preserve data from the aforementioned formats and allows for expanding their usability as described in this charter. The OHDF TC will consider how OHDF should interoperate with these standards, leveraging the strengths and specific use cases for each.
(2)(b) First TC Meeting
The first meeting of the TC will be held on 21 February 2023 at noon US eastern time. MITRE will host the meeting.
(2)(c) Ongoing Meeting Schedule
(2)(d) TC Proposers
* Mike Fraser, Sophos, Mike.Fraser@Sophos.com
* Andy Thomas, Sophos, Andy.Thomas@sophos.com
* Aaron Lippold, MITRE, firstname.lastname@example.org
* Brett Kreider, MITRE, email@example.com
* Eugene Aronne, MITRE, firstname.lastname@example.org
(2)(e) Primary Representatives' Support
* I, Joe Levy, as OASIS Primary Representative for Sophos, confirm our support for the OHDF TC proposed charter and approve participation by our participant named in the charter as a co-proposer.
* As OASIS primary representative for MITRE, I, Raj Rajagopal, confirm our support for the OHDF proposed Charter and endorse our participants listed above as named co-proposers.
(2)(f) TC Convener
* Aaron Lippold (MITRE)
(2)(g) Anticipated Contributions
* Finalizing the draft specification
* Eliciting additional requirements
* Proposing reference implementation tooling and utilities
(2)(i) FAQ Document
* MITRE Security Automation Framework (https://saf.mitre.org/#/normalize
(2)(j) Work Product Titles and Acronyms
* OHDF: OASIS Heimdall Data Format
Chief Technical Community Steward