CACAO TC members are developing a standard to implement the course of action playbook model for cybersecurity operations.
To defend against cyber threats, organizations must manually identify, create, and document the prevention, mitigation, and remediation steps that, together, form a course of action playbook. However, there is currently no standardized way to document and share these playbooks across organizational boundaries and technology solutions.
CACAO addresses this problem by defining a sequence of cyber defense actions that can be executed for each type of playbook. It will specifically enable organizations to:
- create course of action playbooks in a structured machine-readable format,
- digitally sign course of action playbooks,
- securely share course of action playbooks across organizational boundaries and technological solutions, and
- document processing instructions for course of action playbooks in a machine-readable format.
For more information, see the CACAO TC Charter.