OASIS is preparing to launch the Cybersecurity Standards User Council. This will be a neutral forum for monitoring and influencing cybersecurity standards (STIX, TAXII, CSAF, OpenC2, and others) without directly participating in specification development.
OASIS members are invited to review the draft charter below, provide comments, and join the list of User Council Proposers. (See instructions at the conclusion of this message.) The comment period closes on 12 May 2017.
--- Charter ---
OASIS Cybersecurity Standards User Council
(1)(b) Statement of Purpose:
The Cybersecurity Standards User Council provides a neutral forum in which users of cybersecurity products and services can influence and track standards without engaging in day-to-day specification development issues.
User Council members voice concerns, discuss best practices, and identify common technical requirements that can be shared with OASIS Technical Committees including (but not limited to) the Cyber Threat Intelligence (CTI) TC, the Common Security Advisory Framework (CSAF) TC, and the Open Command and Control (OpenC2) TC.
The goals of the Cybersecurity Standards User Council are to:
· Enable non-vendor organizations to contribute to cybersecurity standards in ways meaningful to them, such as articulating business requirements, mobilizing support for vertical specializations, and promoting adoption of common best practices;
· Foster peer-based discussions where non-vendor organizations can exchange information on pain points and collaborate to address real-world problems;
· Provide OASIS cybersecurity TCs with a direct mechanism for obtaining user feedback on technical disputes;
· Increase adoption of cybersecurity standards (STIX, TAXII, CSAF, and others) and enable a robust ecosystem by engaging more end users in the process.
The Cybersecurity Standards User Council will determine, as part of their activities, the best means for documenting and sharing user scenarios, best practices, technical requirements, etc. with other interested parties, then create and publish such materials as best meets the Council's goals. The User Council may choose to conduct activities aimed at educating or soliciting feedback from non-members of OASIS.
(1)(e) IPR Mode
The User Council will operate under the terms of the Non-Assertion Mode as defined in the OASIS IPR Policy; however, the User Council does not expect to develop any work products that are subject to Non-Assertion obligations requirements.
Work of the Cybersecurity Standards User Council is expected to be of interest to OASIS Technical Committees engaged in cybersecurity issues and governmental, institutional, and commercial parties outside OASIS with a stake in greater cybersecurity.
The Cybersecurity Standards User Council is open to all OASIS members but is designed specifically as a forum for representatives of non-vendor organizations from financial services, healthcare, manufacturing, retail, aerospace, government, and other industry sectors that use products or services which support cybersecurity standards.
The Cybersecurity Standards User Council will conduct its work in English; however, it may also choose to conduct activities or produce deliverables in other languages.
(2)(a) Identification of Similar Work
The Cybersecurity Standards User Council will pursue liaison relationships with end user communities represented by organizations such as FIRST.org, National Council of ISACs, and other groups.
(2)(b) First Meeting
The first official meeting of the members of the Cybersecurity Standards User Council will be held by teleconference on 26 June 2017. A chair or two co-chairs will be elected at this time.
The User Council will hold an open forum for members and non-members on 20 June 2017 in New York City in conjunction with the Borderless Cyber conference. The purpose of this forum will be to build support for the Council and solicit feedback from the community on needs, priorities, and preferred methods of working. User Council members are strongly encouraged but not required to attend this forum. The event will be chaired by Alexander Foley of Bank of America.
(2)(c) Ongoing Meeting Schedule
The User Council will convene monthly conference calls at a time to be determined by the members. Optional face-to-face meetings and public forums may be held in conjunction with the Borderless Cyber conference and other appropriate events at locations throughout the world.
Initial Proposers of the User Council are:
Additional Proposers for the Cybersecurity Standards User Council are welcome; contact firstname.lastname@example.org
prior to 22 May 2017 for details.
The final list of Proposers will be published with the official Call for Participation; organizations may join the User Council as members or observers at any time after that announcement.
(2)(e) Primary Representatives' Support
These organizations have confirmed their support for the Cybersecurity Standards User Council and their intention to be represented in the group: Aetna, ANZ Bank, Bank of America, BMO Financial Group, The Boeing Company, JPMorgan Chase, and Kaiser Permanente.
The member comment period will remain open until 12 May 2017. All comments posted will be addressed by the User Council Proposers and acknowledged in a dispensation report which will be posted to the charter-discuss list by the convener. Comments received may be incorporated into the final charter.
The public Call for Participation will be issued approximately two weeks after the close of this member comment period. The Call for Participation will conclude with the first meeting of the User Council.
To be included in the final list of Proposers for the Cybersecurity Standards User Council, contact email@example.com
before the comment period ends.
Thanks for your continued support of new work at OASIS.
Director of Standards Development and TC Administration
OASIS: Advancing open standards for the information societyhttp://www.oasis-open.org
Primary: +1 973-996-2298
Mobile: +1 201-341-1393