Press Release

OASIS Unveils CACAO v2.0: Transforming Cybersecurity Course-of-Action Playbooks for Enhanced Defense

Cisco, Cyware, IBM, U.S. NIST, and Others Advance Committee Specification for Orchestrating and Automating Cyber Response Playbooks

Boston, MA – 13 December 2023 – OASIS Open, the international open source and standards consortium, and the Collaborative Automated Course of Action Operations (CACAO) for Cyber Security Technical Committee (TC) have approved CACAO Security Playbooks v2.0 as an OASIS Committee Specification (CS). CACAO v2.0 will empower organizations to orchestrate, collaborate, and share cybersecurity playbooks. In the ongoing battle against threat actors, organizations must identify, create, document, and test various steps to detect, investigate, mitigate, and remedy potential threats. The culmination of these steps results in a cybersecurity playbook designed to secure organizational systems, networks, data, and users.

CACAO v2.0 defines the schema and taxonomy for cybersecurity playbooks and describes how they can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions. These playbooks give security teams the ability to respond to incidents, mitigate threats, and protect their networked systems by offering a modular and extensible approach to playbook development, ensuring that it can adapt to the diverse needs of different organizations.

“CACAO is the culmination of many years of hard work from the cybersecurity community outside and within OASIS, resulting in a significant step forward for all organizations looking to automate their defense against today’s latest cyber threats,” said Allan Thomson, co-chair of the CACAO TC. “We’ve taken the approach with CACAO, to embrace existing toolsets and processes security organizations are already familiar with, and defined a standardized playbook mechanism that allows orchestration and collaboration not easily achieved both within their own organization, as well as with external sharing partners.”

“The creation, development, and now approval of CACAO v2.0 as a Committee Specification is a testament to the hard work and collaboration of so many different individuals and organizations from around the world to help solve one of the biggest problems in cyber defense: the orchestration of response in cyber relevant time,” said Bret Jordan, co-chair of the CACAO TC. “This standardized approach to orchestrated cyber defense gives organizations the ability to navigate the evolving threat landscape with confidence, armed with the tools needed to orchestrate and automate responses effectively. I am so proud of the work that everyone has done to make this a reality. This TC has done for cyber security playbooks what STIX and TAXII did for cyber threat intelligence (CTI).”

For further insights, read the blog Standardized Security Orchestration with CACAO, written by Bret Jordan, Vasileios Mavroeidis, Luca Morgese, and Allan Thomson.

The CACAO TC is made up of a diverse group of global experts from various industries, including cybersecurity, government, and academia. OASIS Open encourages organizations and individuals to get involved in the development and adoption of CACAO v2.0 and other open standards for cybersecurity.

Additional Information
CACAO Technical Committee