General Documents

CTI-TC Cover Page The list of current STIX and TAXII documents in Google Docs
TC Roadmap Current roadmap items, their status, and their proposed release target

Individual Specification Documents

STIX 2.1 Specification

HTML PDF Word Description
STIX 2.1 Specification STIX 2.1 Specification STIX 2.1 Specification Defines concepts and structure of the STIX language, domain objects, relationship objects, cyber observable objects, and meta objects. Defines the patterning language to enable the detection of possibly malicious activity on networks and endpoints

Note: This version of the specification is no longer a multipart document. Older STIX 2.1 documents can be found here

TAXII 2.1 Specification

HTML PDF Word Description
TAXII 2.1 Specification TAXII 2.1 Specification TAXII 2.1 Specification Defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations

STIX/TAXII 2.1 Interoperability Documents

HTML PDF Word Description
TAXII 2.1 Interoperability Test Document Version 1.0 TAXII 2.1 Interoperability Test Document Version 1.0 TAXII 2.1 Interoperability Test Document Version 1.0 This document provides detailed requirements on how product implementers within the threat intelligence ecosystem may demonstrate TAXII 2.1 interoperability compliance.
STIX 2.1 Interoperability Test Document Version 1.0 STIX 2.1 Interoperability Test Document Version 1.0 STIX 2.1 Interoperability Test Document Version 1.0 This document provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate STIX 2.1 interoperability compliance.

STIX 2.0 Specification

HTML PDF Word Description
Part 1: STIX Core Concepts Part 1: STIX Core Concepts Part 1: STIX Core Concepts Defines concepts that apply across all of STIX and defines the overall structure of the STIX language
Part 2: STIX Objects Part 2: STIX Objects Part 2: STIX Objects Defines the set of domain objects and relationship objects that STIX uses to represent cyber threat information
Part 3: Cyber Observables Core Concepts Part 3: Cyber Observables Core Concepts Part 3: Cyber Observables Core Concepts Defines concepts that apply across all of STIX Cyber Observables
Part 4: Cyber Observable Objects Part 4: Cyber Observable Objects Part 4: Cyber Observable Objects Defines a set of cyber observable objects that can be used in STIX and elsewhere
Part 5: STIX Patterning Part 5: STIX Patterning Part 5: STIX Patterning Defines a patterning language to enable the detection of possibly malicious activity on networks and endpoints

TAXII 2.0 Specification

HTML PDF Word Description
TAXII 2.0 Specification TAXII 2.0 Specification TAXII 2.0 Specification Defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations

STIX/TAXII 2.0 Interoperability Documents

HTML PDF Word Description
Part 1: STIX/TAXII 2.0 Interoperability Test Document Part 1: STIX/TAXII 2.0 Interoperability Test Document Part 1: STIX/TAXII 2.0 Interoperability Test Document Document that provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate conformity with STIX/TAXII 2.0 if they wish to self-certify that their software is verified as interoperable
Part 2: STIX/TAXII 2.0 Interoperability Test Document Part 2: STIX/TAXII 2.0 Interoperability Test Document Part 2: STIX/TAXII 2.0 Interoperability Test Document Document that provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate conformity with STIX/TAXII 2.0 if they wish to self-certify that their software is verified as interoperable

OASIS CTI TC Open Repositories

cti-documentation GitHub Pages site for STIX and TAXII
cti-marking-prototype Prototype for processing granular data markings in STIX (archived)
cti-pattern-matcher Match STIX content against STIX patterns
cti-pattern-validator Validate patterns used to express Cyber Observable content in STIX Indicators
cti-python-stix2 Python APIs for STIX 2
cti-sep-repository Collection of STIX Enhancement Proposals (archived)
cti-common-objects Collection of commonly used STIX 2.1 objects and extensions
cti-stix-elevator Convert STIX 1 XML to STIX 2 JSON
cti-stix-generator Tool for generating random STIX content for prototyping and testing
cti-stix-slider Convert STIX 2 JSON to STIX 1 XML
cti-stix-validator Validator for STIX 2 JSON normative requirements and best practices
cti-stix-visualization Lightweight visualization for STIX 2 objects and relationships
cti-stix2-json-schemas Non-normative STIX schemas and examples
cti-taxii-client TAXII 2 Client Library Written in Python
cti-taxii-server TAXII 2 Server Library Written in Python
cti-training Collection of CTI-related training materials

Other Resources

FreeTAXII YouTube Channel Informational videos about STIX/TAXII - Not affiliated with OASIS
STIX 2 Preferred Program Self-Certification Program for STIX/TAXII
Introduction to STIX Brief intro to STIX and what it is used for
Introduction to TAXII Brief intro to TAXII and what it is used for