New Versions of STIX and TAXII Approved as OASIS Standards to Enable Automated Exchange of Cyber Threat Intelligence

Governments and Companies from Around the World Collaborate to Advance Key Cybersecurity Standards

Consumers of threat intelligence should be demanding that their vendors support STIX 2.1 and TAXII 2.1.”

— Rich Struse of Mitre Engenuity and OASIS CTI TC Co-Chair

BOSTON, MA, USA, July 14, 2021 / — OASIS Open and members of the Cyber Threat Intelligence (CTI) Technical Committee are pleased to announce that Structured Threat Information Expression (STIX) v2.1 and Trusted Automated Exchange of Intelligence Information (TAXII) v2.1 have been approved as OASIS Standards. STIX and TAXII are widely used to prevent and defend against cyberattacks by enabling threat intelligence to be analyzed and shared among trusted partners and communities.

The STIX standard defines a language for sharing structured threat intelligence in a consistent, machine-readable manner, allowing companies to anticipate and respond to attacks faster and more effectively. STIX v2.1 adds new objects and concepts and incorporates improvements based on experience implementing v2.0. The objects and features added for inclusion represent an iterative approach to fulfilling basic consumer and producer requirements for CTI sharing.

TAXII is the transportation protocol specifically designed to support the exchange of STIX data over Hypertext Transfer Protocol Secure (HTPS). TAXII enables organizations to share CTI by defining an API that aligns with common sharing models.

“This is the culmination of years of hard work by many people in the OASIS Cyber Threat Intelligence (CTI) Technical Committee. We’ve strived to give the community a good set of interoperable tools that are relatively easy to implement, scalable, and extensible enough to actually represent the kind of threat intelligence that people care about,” explained OASIS CTI TC Co-Chair, Rich Struse of Mitre Engenuity. “All of the major cybersecurity companies at this point leverage STIX 2 and TAXII 2 for the exchange of indicators. Consumers of threat intelligence should be demanding that their vendors support STIX 2.1 and TAXII 2.1. These are full OASIS International Standards that can be used to secure our organizations, our sectors, and our countries. We need to be focused on using them to solve actual cybersecurity problems and to help thwart future cyber attacks.”

“It’s critical to have STIX 2.1 and TAXII 2.1 become full OASIS Standards at this inflection point, when there’s such a need for flexible and faster information sharing to shut down global cybersecurity threats,” said Trey Darley of the Belgian Federal Cyber Emergency Team,, who co-chairs the OASIS CTI TC. “OASIS has given us the ability to create a scalable and sustainable community where like-minded, passionate people come together to solve problems. We built the foundation for interoperability, future-proofed it, and opened it up for new classes of security countermeasures…we’ve barely begun to scratch the surface.”

Watch Open Matters: Cybersecurity & The Evolution of STIX & TAXII on the OASIS YouTube Channel.

Support for STIX AND TAXII v2.1
See executive quotes from Accenture, Anomali, Copado, Cyware, EclecticIQ, IBM, SEKOIA, Sopra Steria, and ThreatQuotient in the full press release.

Additional Information
OASIS CTI Technical Committee:

OASIS Open, one of the most respected nonprofit open source and open standards bodies in the world, is where individuals, organizations, and governments come together to solve technical challenges through open collaboration. OASIS offers projects – including open source projects – a path to standardization and de jure approval for reference in international policy and procurement. OASIS has a broad technical agenda encompassing cybersecurity, blockchain, privacy, cryptography, cloud computing, IoT – any initiative for developing code, APIs, specifications or reference implementations can find a home at OASIS.

Media Inquiries

Carol Geyer
+1 941-284-0403
email us here
Visit us on social media:

Open Matters: Cybersecurity & The Evolution of STIX & TAXII

You just read:

News Provided By

July 14, 2021, 14:19 GMT

EIN Presswire’s priority is source transparency. We do not allow opaque clients, and our editors try to be careful about weeding out false and misleading content. As a user, if you see something we have missed, please do bring it to our attention. Your help is welcome. EIN Presswire, Everyone’s Internet News Presswire™, tries to define some of the boundaries that are reasonable in today’s world. Please see our Editorial Guidelines for more information.