Home / News / US-CERT’s Brad Nix: DHS to Use STIX, TAXII for Cyber Info Sharing

US-CERT’s Brad Nix: DHS to Use STIX, TAXII for Cyber Info Sharing

CyberStockThe Department of Homeland Security‘s U.S. Computer Emergency Readiness Team plans to implement a new approach to cybersecurity information sharing through automation, Federal News Radio reported Thursday.

Jason Miller writes that US-CERT Deputy Director Brad Nix said the agency will use the Structured Threat Information eXpression and Trusted Automated eXchange of Indicator Information technical specifications within the next few months.

Nix told the station that STIX and TAXII will work alongside existing standards to support a structured cloud-based information-sharing program.

“The idea behind the use of the cloud for the STIX/TAXII server is to enable the access to the information with the appropriate level of control so that organizations can submit information but also can retrieve information that is relevant to them,” he said.

“We want to set up an environment that is risk rated at the right level to facilitate the sharing of information, but still provides the appropriate levels of confidentiality, integrity and availability controls that would be required for an organization that actually depends on the information.”

Miller reports that DHS has been testing STIX and TAXII for the past two years.

Nix noted that the department also continues to work toward greater trust between the private and public sectors through the Cyber Information Sharing and Collaboration Program.

Check Also

GSA’s New Pilot Program Aims to Bolster eBuy Marketplace Transparency; Emily Murphy Quoted

The General Services Administration has initiated a new pilot program intended to get more firms to sell products and services on the agency's eBuy federal marketplace. The one-year program would publicly disclose associated, post-award request-for-quote information on FedBizOpps in a move to increase eBuy's transparency, the GSA said Wednesday.

Leave a Reply

Your email address will not be published. Required fields are marked *