Uploaded image for project: 'Technical Committee Administration'
  1. Technical Committee Administration
  2. TCADMIN-4347

Request a TC GitHub be created for OASIS Heimdall Data Format (OHDF) TC



    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Labels:
    • Environment:



      Your name:
        Stefan Hagen
      Project name:
        OASIS Heimdall Data Format (OHDF) TC
      Project email address:
      GitHub repository name:
        The purpose of this repository is to support version control for Work Product artifacts developed by members of the OASIS Heimdall Data Format (OHDF) TC,
      including prose specification editing and secondary artifacts like meeting minutes, productivity code, etc.
      The TC's proposal and approval is available online per [email to the TC mailing list](https://lists.oasis-open.org/archives/ohdf/202304/msg00014.html)) and in the JIRA request form.
      Purpose statement:
        The OHDF TC's goal is to develop a common format for exchanging normalized security data between cybersecurity tools.
      A standard vendor-agnostic data format will support cybersecurity product interoperability without having to create customized integrations.

      Security tools typically generate data in unique formats that require multiple dashboards and utilities to review.
      This leads to a time-consuming process for completing security assessments, data in disparate locations and inconsistent semantics of data elements across formats.
      In addition, few security tools provide context to relevant compliance standards for comparison across security tools.

      OHDF provides a common data exchange format that:

      • Enables the consistent integration, aggregation, and analysis of security data from all available sources
      • Preserves data integrity with original source data
      • Maximizes interoperability and data sharing
      • Facilitates the transformation and transport of data between security/management processes or technologies
      • Allows for the mapping and enrichment of security data to relevant compliance standards (GDPR, NIST SP 800-53, PCI-DSS, etc.)

      The TC will update OHDF as industry needs evolve.

      Numerous stakeholders and adopters can benefit from the work of the OHDF TC:

      • For Commercial and Vendor Cybersecurity Partners, OHDF defines a standardized, interoperable target format that vendor tools can consume
        across their customer base consistently and that is easily managed within the product lifecycle.
      • For the Open Source Community, OHDF enables easy integration with commercial solutions without the need for direct partnerships.
      • For Government Agencies, OHDF can streamline business processes by having a standard, open source, machine-readable format for all security data.
      • For Academia, OHDF offers a structured way to communicate and enhance research findings throughout the security community.
      • For Corporate and Federal CISOs/CIOs, OHDF can increase visibility across the enterprise by taking advantage of normalized security data
        in a standard format that supports risk information interoperability from a broad range of inputs to support security risk decision-making.
      • For Security Engineers, OHDF can reduce resource requirements for multiple security data types by standardizing formatting across disparate security tools.
      • For Risk Managers, OHDF can improve decision making by using a standardized format to facilitate automation,
        standardize communication requirements, and inform risk-based analysis.
      • For DevSecOps/Software Engineers, OHDF can streamline CI/CD processes by leveraging a standardized format to collate/aggregate
        normalized security data to support automated and continuous security processes.
          Aaron Lippold, alippold@mitre.org, aaronlippold, Mitre Corporation
        Stefan Hagen, stefan@hagen.link, sthagen, Individual Member
          Mike Fraser (Co-Chair) will provide his GitHub handle for maintaining the repository directly per email to administration:
        Mike Fraser, mike.fraser@sophos.com , , Sophos Ltd
        [1] ohdf@lists.oasis-open.org
        [2] https://lists.oasis-open.org/archives/ohdf/202304/msg00014.html




            • Assignee:
              chet-oasis Chet Ensign
              sdrees Stefan Hagen
            • Watchers:
              2 Start watching this issue


              • Created: