5.2. OASIS OPEN

The OASIS OPEN mission is to ‘advance the fair, transparent development of open source software and open standards through the power of global collaboration and community’. Participation in OASIS is open and its work is supported by annual sponsorship and membership dues.

OASIS Open is a non-profit standard body where individuals, organisations, and governments collaborate to solve technical challenges through the development of open code and open standards. OASIS Open offers projects – including open source projects – a path to standardisation and de jure approval for reference in international policy and procurement. 

People and organisations join OASIS to advance projects for cybersecurity, blockchain, IoT, emergency management, cloud computing, legal data exchange, and more. 

Examples of Technical Committees (TC) working on cybersecurity standards include:

• Open Command and Control (OpenC2) TC, is creating a standardised language for the command and control of technologies that provide or support cyber defences.
• Collaborative Automated Course of Action Operations (CACAO) for Cybersecurity TC is developing a standard to implement the course of action playbook model for cybersecurity operations. 
• Cyber Threat Intelligence (CTI) TC is supporting automated information sharing for cybersecurity situational awareness, real-time network defence, and sophisticated threat analysis. The TC is developing and standardising under the OASIS open standards process: STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).
• Common Security Advisory Framework (CSAF) TC: Standardising automated disclosure of cybersecurity vulnerability issues.