Request For Comment
The request for comment period for this draft concluded on Saturday, August 18. All comments are currently under review and adjudication by working groups. Comments received after the August 18th deadline are welcomed and may be included in future adjudication and revision periods.
The purpose of this document is to provide a description and implementation guideline for automating key elements of the cyber threat intelligence lifecycle process of collection, identification, ingesting, processing, and correlation to establish derived actions. As envisioned, the document is targeted at organizations wanting to automate and use cyber threat intelligence processes for defending their enterprise. This document is equally useful to Information Sharing and Analysis Organization (ISAO) members and the ISAOs that are participating or considering participation in automated sharing efforts.
This document comprises a technical discussion and guidelines to assist organizations implementing automated cyber threat intelligence information sharing and its utilization in mitigating cybersecurity risks. Intelligence efforts have been generally characterized as strategic, operational, or tactical. This guide is focused on the area of tactical intelligence utilization that can benefit an enterprise and is dependent on an information-sharing ecosystem that can support automated sharing of cyber threat intelligence.
Throughout the document, the terms cybersecurity information sharing and information sharing are used synonymously.