www.oasis-open.org
CTI STIX SC Monthly Meeting
September 30, 2015
Agenda
• STIX 1.2.1 specs
  • Status
  • Next Steps
• STIX 2.0
  • Status
  • Use Cases
  • Issue Trackers
• Open discussion if time allows
STIX 1.2.1 specification status
• Full multipart specification drafts completed and submitted for SC review – 9/24/15
• SC review goals focused on
  • SC member awareness of specification form and content
  • SC member familiarity with OASIS format
  • Identify editorial issues
  • NOT focus on substantive issues
• STIX SC review period ends 10/2/15
• STIX Version 1.2.1 Part 1: Overview
• STIX Version 1.2.1 Part 2: Common
• STIX Version 1.2.1 Part 3: Core
• STIX Version 1.2.1 Part 4: Indicator
• STIX Version 1.2.1 Part 5: TTP
• STIX Version 1.2.1 Part 6: Incident
• STIX Version 1.2.1 Part 7: Threat Actor
• STIX Version 1.2.1 Part 8: Campaign
• STIX Version 1.2.1 Part 9: Course of Action
• STIX Version 1.2.1 Part 10: Exploit Target
• STIX Version 1.2.1 Part 11: Report
• STIX Version 1.2.1 Part 12: Extensions
• STIX Version 1.2.1 Part 13: Data Marking
• STIX Version 1.2.1 Part 14: Vocabularies
• STIX Version 1.2.1 Part 15: UML Model
• UML Model Serialization
  • XMI files
  • Diagrams
STIX 1.2.1 specification next steps
• Review any SC review comments and make appropriate modifications
• Call a vote for SC approval of specification drafts
• Repackage and upload content to TC internal site
• Notify TC chair that specification drafts have been approved by SC
• TC chair calls a TC meeting so a vote can be held to approve them as a Committee Specification Public Review Draft
• TC will follow process for issuing as a Committee Specification Public Review Draft, including a 30-day public review period
• After the 30-day public review period, TC will dispose of any comments, then call for a TC Special Majority Vote to approve the documents as a Committee Specification
  • At this point STIX 1.2.1 will be official
• TC will likely continue further progression as an OASIS Standard
STIX 2.0
• Will officially kick off once the 1.2.1 specs are handed off to the TC (hopefully next week)
• We will need to select editors
• Deliberative process will begin
  • Use Cases
  • Issue Trackers
Use Cases
• Need for high-level use cases to understand and scope the domain we are looking to serve
• Need for more detailed use cases to understand specific information needs to drive to structural decisions
• Reality Check: the infosec domain relying on CTI is non-trivial and WILL involve a substantial number of use cases
Use Cases
• We will need everyone to be involved in identifying, fleshing out, discussing and deciding on use cases
• This will be done using the STIXProject/use-cases wiki on GitHub
• Separate wiki page for each use case using simple template similar to one used across SCs
Use Case Template
• Use case title (replace with your title)
• Abstraction Level (High, Medium or Low): High (replace with your value)
• Related Use Cases: Related use case (replace with your content)
• Description: Use case objective and flow description (replace with your content)
• Stakeholders/Goals:
  • Stakeholder: Stakeholder description (replace with your content)
  • Goal: Goal description (replace with your content)
• Preconditions:
  • Precondition description (replace with your content)
• Dependencies:
  • Dependency description (replace with your content)
• Main Success Scenario:
  • Scenario description (replace with your content)
Use Cases
• Wiki home page contains the template as well as an initial taxonomy of high-level use cases and a more fleshed-out taxonomy of more detailed use cases
• Current taxonomies are a starting point based on community-identified use cases that have resulted in the current expressivity and capability that is in STIX today
• Caveat: the taxonomies are NOT complete. Please add as appropriate
• Caveat: the large majority of use cases in the taxonomy are currently only titles and need to be iteratively fleshed out
• When editing existing use cases, please try to add your thoughts with attribution rather than just changing others' content
Use Case Scoping Considerations
• Scoping decisions will likely be part of use case analysis
  • Proposed additions
  • Proposed removals
• We will need to agree on criteria for these decisions
• Proposal: Bias towards status quo
  • Clear justification and rough consensus needed to add new considerations (work)
  • Clear justification and strong consensus needed to remove existing capability (break things for people depending on these capabilities)
Issue Trackers
• Immediate need for SC members to conduct their own triage of current issue trackers
  • Add new entries for desired issues not covered
  • Add comments to existing issues
  • Identify issues you think should be in scope for 2.0
  • Assert your prioritization of issues by importance
• After 2.0 kickoff we can
  • analyze/normalize issues
  • identify initial consensus scoping
  • map to use cases
  • prioritize based on importance and dependence
  • focus on 1-3 issues at a time
Reminder of STIX SC work processes
• Under formal governance our work will need to be open, deliberative, ordered and tracked.
• Encourage ideas and discussion but caution that consensus and decisions will need to follow process.
  • Please keep talking. :-)
• Encourage contributions beyond just thoughts
  • As work product efforts are stood up, editors will be needed
  • Contributions of use cases, conceptual models, schema structures, normative or informative language suggestions, test data, etc. will be invaluable to collaborative progression
• MITRE folks will continue to be involved but we will need a broader base of active contributors going forward
Next meeting
• Wednesday, October 21st @ 2:00pm EDT