OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC

Defining the standard for implementing course of action playbooks for cybersecurity operations.

Allan Thomson, Chair
Bret Jordan, bret.jordan.sdo@gmail.com, Chair
Vasileios Mavroeidis, vasileim@ifi.uio.no, Secretary


Announcements

The press release announcing the approval of CACAO Security Playbooks v2.0 as a Committee Specification is available now. You can read it here.

Security Playbooks V1.0 is approved as an OASIS Committee Specification. For details, see the announcement.

See OASIS announcement: Industry Leaders Collaborate at OASIS to Define Cybersecurity Course-of-Action Playbooks with CACAO: Accenture, Cisco, Cyware, EclecticIQ, FireEye, Fornetix, IBM, New Context, Syncurity, ThreatQuotient, U.S. NIST, and Others Will Develop Machine Readable Cyber Response Playbooks; 24 Sept 2019.

Participation in the OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC is open to all interested parties. Contact join@oasis-open.org for more information.

04 September 2019: The CACAO TC held its inaugural meeting with 42 members attending. Bret Jordan of Symantec Corp. and Allan Thomson of LookingGlass were elected as Co-Chairs. Our congratulations to all on a successful launch.


Overview

CACAO TC members are developing a standard to implement the course of action playbook model for cybersecurity operations.

In order to defend against cyber threats, organizations must manually identify, create, and document the prevention, mitigation, and remediation steps that, together, form a course of action playbook. However, today, there is no standardized way to document and share these playbooks across organizational boundaries and technology solutions.

CACAO addresses this problem by defining a sequence of cyber defense actions that can be executed for each type of playbook. It will specifically enable organizations to:

  1. create course of action playbooks in a structured machine-readable format,
  2. digitally sign course of action playbooks,
  3. securely share course of action playbooks across organizational boundaries and technological solutions, and
  4. document processing instructions for course of action playbooks in a machine-readable format.

For more information, see the CACAO TC Charter.


Technical Work Produced by the Committee

CACAO Security Playbooks Version 2.0. Edited by Bret Jordan and Allan Thomson. 27 November 2023. OASIS Committee Specification 01. https://docs.oasis-open.org/cacao/security-playbooks/v2.0/cs01/security-playbooks-v2.0-cs01.html. Latest version: https://docs.oasis-open.org/cacao/security-playbooks/v2.0/security-playbooks-v2.0.html.

CACAO Security Playbooks Version 1.0. Edited by Bret Jordan and Allan Thomson. 23 June 2021. OASIS Committee Specification 02. https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs02/security-playbooks-v1.0-cs02.html. Latest stage: https://docs.oasis-open.org/cacao/security-playbooks/v1.0/security-playbooks-v1.0.html.

CACAO Security Playbooks Version 1.0. Edited by Bret Jordan and Allan Thomson. 12 January 2021. OASIS Committee Specification 01. https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.html. Latest version: https://docs.oasis-open.org/cacao/security-playbooks/v1.0/security-playbooks-v1.0.html.


Other Work Produced by the Committee

The committee has not yet produced any other supporting work.


Subcommittees

No subcommittees have been formed for this TC.


TC Liaisons

No TC Liaisons have been announced for this TC.


TC Tools


TC Work In Progress


OASIS Open Source Repositories Sponsored by the Committee

No Open Repositories have been set up for this TC.


External Resources

No external resources address the work of the TC.


Mailing Lists and Comments

cacao: the discussion list used by TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives.

cacao-comment: a public mailing list for providing feedback on the technical work of the OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC. To send a comment, follow the instructions on the TC's public web page here or view the OASIS comment list archives.


Press Coverage and Commentary


Additional Information


Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.