OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

oasis-charter-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Cybersecurity Standards User Council Proposal: Call for Comment

OASIS is preparing to launch the Cybersecurity Standards User Council. This will be a neutral forum for monitoring and influencing cybersecurity standards (STIX, TAXII, CSAF, OpenC2, and others) without directly participating in specification development.

OASIS members are invited to review the draft charter below, provide comments, and join the list of User Council Proposers. (See instructions at the conclusion of this message.) The comment period closes on 12 May 2017.

--- Charter --- 

(1)(a) Name: 

OASIS Cybersecurity Standards User Council

(1)(b) Statement of Purpose: 

The Cybersecurity Standards User Council provides a neutral forum in which users of cybersecurity products and services can influence and track standards without engaging in day-to-day specification development issues. 

User Council members voice concerns, discuss best practices, and identify common technical requirements that can be shared with OASIS Technical Committees including (but not limited to) the Cyber Threat Intelligence (CTI) TC, the Common Security Advisory Framework (CSAF) TC, and the Open Command and Control (OpenC2) TC.

(1)(c) Scope: 

The goals of the Cybersecurity Standards User Council are to:

·  Enable non-vendor organizations to contribute to cybersecurity standards in ways meaningful to them, such as articulating business requirements, mobilizing support for vertical specializations, and promoting adoption of common best practices;

·  Foster peer-based discussions where non-vendor organizations can exchange information on pain points and collaborate to address real-world problems;

·  Provide OASIS cybersecurity TCs with a direct mechanism for obtaining user feedback on technical disputes;

·  Increase adoption of cybersecurity standards (STIX, TAXII, CSAF, and others) and enable a robust ecosystem by engaging more end users in the process.

(1)(d) Deliverables

The Cybersecurity Standards User Council will determine, as part of their activities, the best means for documenting and sharing user scenarios, best practices, technical requirements, etc. with other interested parties, then create and publish such materials as best meets the Council's goals. The User Council may choose to conduct activities aimed at educating or soliciting feedback from non-members of OASIS.

(1)(e) IPR Mode

The User Council will operate under the terms of the Non-Assertion Mode as defined in the OASIS IPR Policy; however, the User Council does not expect to develop any work products that are subject to Non-Assertion obligations requirements.

(1)(f) Audience

Work of the Cybersecurity Standards User Council is expected to be of interest to OASIS Technical Committees engaged in cybersecurity issues and governmental, institutional, and commercial parties outside OASIS with a stake in greater cybersecurity.

The Cybersecurity Standards User Council is open to all OASIS members but is designed specifically as a forum for representatives of non-vendor organizations from financial services, healthcare, manufacturing, retail, aerospace, government, and other industry sectors that use products or services which support cybersecurity standards.

(1)(g) Language

The Cybersecurity Standards User Council will conduct its work in English; however, it may also choose to conduct activities or produce deliverables in other languages.

(2)(a) Identification of Similar Work

The Cybersecurity Standards User Council will pursue liaison relationships with end user communities represented by organizations such as FIRST.org, National Council of ISACs, and other groups.

(2)(b) First Meeting

The first official meeting of the members of the Cybersecurity Standards User Council will be held by teleconference on 26 June 2017. A chair or two co-chairs will be elected at this time.

The User Council will hold an open forum for members and non-members on 20 June 2017 in New York City in conjunction with the Borderless Cyber conference. The purpose of this forum will be to build support for the Council and solicit feedback from the community on needs, priorities, and preferred methods of working. User Council members are strongly encouraged but not required to attend this forum. The event will be chaired by Alexander Foley of Bank of America.

(2)(c) Ongoing Meeting Schedule

The User Council will convene monthly conference calls at a time to be determined by the members. Optional face-to-face meetings and public forums may be held in conjunction with the Borderless Cyber conference and other appropriate events at locations throughout the world.

(2)(d) Proposers

Initial Proposers of the User Council are:

·  Aetna: David Crawford, david.crawford@aetna.com
·  ANZ Bank: Dean Thompson, dean.thompson@anz.com
·  Atos: Joerg Eschweiler, joerg.eschweiler@atos.net
·  Bank of America: Alexander Foley, alexander.foley@bankofamerica.com
·  BMO Financial Group: Vicky Laurens, vicky.laurens@bmo.com
·  The Boeing Company: Crystal Hayes, crystal.l.hayes@boeing.com
·  JPMorgan Chase: David Laurance, david.c.laurance@jpmorgan.com
·  Kaiser Permanente: Mike Slavick, Michael.Slavick@kp.org

Additional Proposers for the Cybersecurity Standards User Council are welcome; contact join@oasis-open.org prior to 22 May 2017 for details.

The final list of Proposers will be published with the official Call for Participation; organizations may join the User Council as members or observers at any time after that announcement.

(2)(e) Primary Representatives' Support

These organizations have confirmed their support for the Cybersecurity Standards User Council and their intention to be represented in the group: Aetna, ANZ Bank, Bank of America, BMO Financial Group, The Boeing Company, JPMorgan Chase, and Kaiser Permanente.

(2)(f) Convener

Joerg Eschweiler, je@cybersecurityscout.eu


To comment on this charter, members should send email to: oasis-charter-discuss@lists.oasis-open.org.  Please include “Cyber User Council” in the subject line. All messages will be publicly archived at: http://lists.oasis-open.org/archives/oasis-charter-discuss/

The member comment period will remain open until 12 May 2017. All comments posted will be addressed by the User Council Proposers and acknowledged in a dispensation report which will be posted to the charter-discuss list by the convener. Comments received may be incorporated into the final charter.

The public Call for Participation will be issued approximately  two weeks after the close of this member comment period. The Call for Participation will conclude with the first meeting of the User Council.

To be included in the final list of Proposers for the Cybersecurity Standards User Council, contact join@oasis-open.org before the comment period ends.

Thanks for your continued support of new work at OASIS.


Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]