Working group

The OpenC2 TC was chartered to draft documents, specifications, lexicons or other artifacts to fulfill the needs of cyber security command and control in a standardized manner. The Technical Committee will leverage pre-existing standards to the greatest extent practical, identifying gaps pertaining to the command and control of technologies that provide or support cyber defenses. The TC will base its initial efforts on artifacts generated by the OpenC2 Forum, a community of cyber-security stakeholders that was facilitated by the National Security Agency; the Forum has published a language description document (RC4), actuator profiles, and open source prototype implementations.

For more information on the OpenC2 TC, see the TC Charter.

OpenC2 TC standing rules can be found under Additional Information.

CACAO TC members are developing a standard to implement the course of action playbook model for cybersecurity operations.

In order to defend against cyber threats, organizations must manually identify, create, and document the prevention, mitigation, and remediation steps that, together, form a course of action playbook. However, today, there is is no standardized way to document and share these playbooks across organizational boundaries and technology solutions.

CACAO addresses this problem by defining a sequence of cyber defense actions that can be executed for each type of playbook. It will specifically enable organizations to:

1. create course of action playbooks in a structured machine-readable format,
2. digitally sign course of action playbooks,
3. securely share course of action playbooks across organizational boundaries and technological solutions, and
4. document processing instructions for course of action playbooks in a machine readable format.

For more information, see the CACAO TC Charter.

SARIF TC members are developing an interoperability standard for detecting software defects and vulnerabilities. The goal is to define a common output format for static analysis tools that will make it feasible for developers and teams to view, understand, interact with, and manage the results produced by all their tools.

SARIF represents a leap forward in the usability of static analysis tools. Many organizations in the safety and security communities use several competing tools on their code. SARIF will allow them to combine and compare the results more easily to gain a sharper picture of the issues in their code that need to be addressed. Engineering teams will be able to easily access a broad range of potential defects and vulnerabilities in compliance with privacy and accessibility standards. SARIF will support the development of products whose code spans languages and operating systems.

For more information, see the SARIF TC Charter.

Standardization of graphic character sets and their characteristics, including string ordering, associated control functions, their coded representation for information interchange and code extension techniques. Excluded: audio and picture coding.

SC 2 experts have been working hard to develop Universal Coded Character Set, ISO/IEC 10646, and related standards which are the fundamental basis of Information systems and being referred from every standard involving character-based information exchange and/or processing.

The first version of ISO/IEC 10646 standardized 32,884 characters and published in 1993. Edition 5 of it, the latest version currently under development, will cover over 130,000 characters.

SC2 will keep the quality and speed of its work to develop standards for a character. And close cooperation between SC2 and other all committees to develop standards involving character codes is essential.

3D Printing and scanning

Standardization of basic characteristics, test methods and other related items of products such as 2D and 3D Printers/Scanners, Copiers, Projectors, Fax and Systems composed of their combinations, excluding such interfaces as user system interfaces, communication interfaces and protocols.

SC 28 is one of the few product or hardware oriented subcommittees in the JTC 1 community. As such fundamental output of this group has been standards on product specification descriptors, methods for measurement of productivity of hardcopy devices, quality of hardcopy output and yield of consumables (ink and toner cartridges). SC 28 will continue the expansion of measurement methods for consumables and productivity. SC 28 will also extend the image quality assessment to support print permanence and durability. In 2015, due to the changing nature of market needs for office equipment and related technologies with increasing usage of 3D technology in the office environments, SC 28 enlarged its scope with including 3D Printers/Scanners. SC 28 will continue to monitor developments for 3D printers/scanners in the office/home space to identify areas for potential development to address customer needs. Not only 3D area, SC 28 starts to align its work program for IoT and accessibility with JTC 1 strategic directions where applicable.

Standards for data management within and among local and distributed information systems environments. SC 32 provides enabling technologies to promote harmonization of data management facilities across sector-specific areas. Specifically, SC 32 standards include:

• reference models and frameworks for the coordination of existing and emerging standards;
• definition of data domains, data types, and data structures, and their associated semantics;
• languages, services, and protocols for persistent storage, concurrent access, concurrent update, and interchange of data;
• methods, languages, services, and protocols to structure, organize, and register metadata and other information resources associated with sharing and interoperability, including electronic commerce.

The use of containers and microservices have been increasingly implemented in organizations. This increase in popularity can be attributed to the ease with which they move through a lifecycle allows for efficient restart, scale-up or scale-out of applications across clouds. However, these unique characteristics also mean there are distinct security ramifications which must be considered. The mission of the CSA Application Containers and Microservices working group is to conduct research on the security of application containers and microservices and publish guidance and best practices for the secure use of application containers and microservices. This working group is building upon the work done by the joint NIST/CSA Applications Container Security Guidance Developed by the NIST Cloud Security Working Group.

IEEE 802.11 is part of the IEEE 802 set of LAN protocols, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to 2.4 GHz, 5 GHz, and 60 GHz frequency bands.

The 802.15 Working Group (WG) on Wireless Specialty Networks (WSN) focuses on the development of open consensus standards addressing wireless networking for the emerging Internet of Things (IoT), allowing these devices to communicate and interoperate with one another, mobile devices, wearables; Optical Wireless Communications (OWC), Autonomous Vehicles, etc . The goal is to publish standards, recommended practices, or guides that have broad market applicability and deal effectively with the issues of coexistence and interoperability with other wired and wireless networking solutions. The WG has completed a large body of work. Many of its standards, particularly IEEE Std. 802.15.4, are widely deployed around the world. The WG strives to be an incubator for new technologies and applications and has published the first standard utilizing the THz RF frequency bands for high speed wireless interconnection and reconfiguration of data centers.  802.15 is also the first organization to produce global standards for OWC.

The IEEE 802.16 Working Group on Broadband Wireless Access Standards developed standards and recommended practices to support the development and deployment of broadband Wireless Metropolitan Area Networks and is currently in an inactive state of hibernation. IEEE 802.16 is a unit of the IEEE 802 LAN/MAN Standards Committee.

The IEEE 802.18 Radio Regulatory Technical Advisory Group ("RR-TAG") supports the work of the IEEE 802 LMSC and the IEEE 802 wireless Working Groups - IEEE 802.11 (WLAN), IEEE 802.15 (WSN), IEEE 802.16 (WMAN), IEEE 802.20 (Wireless Mobility), IEEE 802.21 (Handoff/Interoperability Between Networks), and IEEE 802.22 (WRAN) - by actively monitoring and participating in radio regulatory matters worldwide as an advocate for IEEE 802.