Different cybersecurity organizations are implementing common cybersecurity protocols for the capture and exchange of system state, vulnerability, incident forensics, and incident heuristics information in operational applications and as specified in this Recommendation. As this information is becoming available from many different sources, implementers should harmonize how they identify cybersecurity organizations, trust and information exchange policies, and the information itself that is exchanged or distributed.
Any globally unique identifier used for global cybersecurity information exchange must necessarily have the following characteristics:
Cybersecurity information exchange protocols can be used by anyone, anywhere, at any time. So there is no way to control their use. However, common interests may exist among cybersecurity communities regarding cybersecurity identifiers and their creation, administration, discovery, verification, and use. Some of those interests include:
Rec. ITU-T X.cybex.1 (document not available), Guidelines for Administering the OID arc for cybersecurity information exchange. A common global cybersecurity identifier namespace for these purposes is described in Rec. ITU-T X.cybex.1, together with administrative requirements, as part of a coherent OID arc, and includes:
Rec. ITU-T X.cybex-disc, Discovery Mechanisms in the Exchange of Cybersecurity Information. This recommendation provides methods and mechanisms which can be used to identify and locate sources of cybersecurity information, types of cybersecurity information, specific instances of cybersecurity information, methods available for access of cybersecurity information as well as policies which may apply to the access of cybersecurity information.
The following text has been taken verbatim from ITU-T TD 0503 Rev.1 Proposed initial draft text for Rec. ITU-T X.cybex, Cybersecurity information exchange framework document. Linked documents and links to other materials are not present in the original document but are added for your convenience. The text below is only an excerpt from the full text, section numeration is retained as it is in the original document.