NOTE: This wiki is provided by the OASIS standards consortium as a collaborative tool for members of the OASIS Threat Actor Context (TAC) Technical Committee, who are permitted to post to these pages. As this is an official workspace of the TC, the OASIS IPR Policy and other OASIS rules apply to its use. To learn more about the work of the TC, send a comment, or join this effort, visit the OASIS TAC TC homepage.
Wiki pages are transient documents, so intermediate edits may not be saved. TC members should move all permanent work and stable artifacts to the TC's document repository, where the archival work product of the TC also can be viewed by the public.
Threat Actor Context (TAC) Technical Committee (TC) Wiki
- The TAC TC seeks to resolve ambiguity across different sources and solutions characterizing threat actor activity in order to support organizing what is known and to share information about threat actors and the STIX Domain Objects (SDOs) related to them. This includes, but is not limited to such SDOs as Intrusion Sets, Campaigns, Indicators, and Identity. The TC will establish a common knowledge framework that enables semantic interoperability of threat actor contextual information.
- Multiple researchers, analysts, vendors, government agencies, and critical infrastructure operators have done extensive work in this area. Our intention is to be inclusive rather that exclusive. If you are aware of significant research or best practices guidance in this area, please feel free to add the reference below.