The DHS Office of Cybersecurity and Communications, National Cybersecurity and Communications Integration Center, and US-CERT are leading efforts to automate and structure operational cybersecurity information sharing techniques across the globe:
- TAXII™, the Trusted Automated eXchange of Indicator Information;
- STIX™, the Structured Threat Information eXpression; and
- CybOX™, the Cyber Observable eXpression.
International in scope and free for public use, TAXII, STIX and CybOX are community-driven technical specifications designed to enable automated information sharing for cybersecurity situational awareness, real-time network defense and sophisticated threat analysis.
TAXII defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organizational, product line and service boundaries. TAXII is not an information sharing program itself and does not define trust agreements, governance, or other non-technical aspects of collaboration. Instead, TAXII empowers organizations to share the information they choose with the partners they choose.
STIX is a collaborative effort to develop a standardized, structured language to represent cyber threat information. The STIX framework intends to convey the full range of potential cyber threat data elements and strives to be as expressive, flexible, extensible, automatable, and human-readable as possible. All interested parties are welcome to participate in evolving STIX as part of its collaborative community.
CybOX is a standardized schema for the specification, capture, characterization, and communication of events or stateful properties that are observable in all system and network operations. A wide variety of cybersecurity use cases rely on such information including event management/logging, malware characterization, intrusion detection/prevention, incident response, and digital forensics. CybOX aims to provide a common structure and content types for addressing cyber observables across this wide range of use cases to improve consistency and interoperability.
The Homeland Security (HS) System Engineering and Development Institute (SEDI), operated by the MITRE Corporation serves as the moderator of the STIX, TAXII and CybOX communities on behalf of the Department of Homeland Security.