Information Exchange Policy 2.0 Framework Definition


Introduction

1. About this policy

2. Background

3. Roles

4. Definitions

5. Policy Statements

6. Policy Types

7. Handling Policy Statements

8. Action Policy Statements

9. Sharing Policy Statements

10. Licensing Policy Statements

11. Metadata Policy Statements

12. Policy References

Appendix A: IEP Framework JSON examples

The IEP-SIG has defined an IEP 2.0 JSON Specification, outlining how JSON-based information sharing protocols can use IEP within their sharing standards. This companion document can be found on the FIRST IEP-SIG homepage at first.org/iep.

IEP Policy object example

The following is an example JSON representation of an IEP 2.0 policy, using the implementation as defined by the IEP 2.0 JSON Specification.

{
    "id": "01bc4353-4829-4d55-8d52-0ab7e0790df9",
    "name": "FIRST IEP-SIG TLP-AMBER",
    "description": "This is the FIRST IEP-SIG TLP-AMBER Information Exchange Policy.",
    "iep_version": 2.0,
    "start_date": "2017-01-01T00:00:00Z",
    "end_date": null,
    "encrypt_in_transit": "may",
    "permitted_actions": "externally-visible-direct-actions",
    "affected_party_notifications": "may",
    "tlp": "amber",
    "attribution": "must-not",
    "unmodified_resale": "must-not",
    "external_references": [
        "https://www.first.org/tlp",
        "https://www.first.org/iep"
    ]
}

IEP Policy Reference example

The following is an example of how to refer to an IEP 2.0 policy using an IEP Reference as defined by the IEP 2.0 JSON Specification.

{
    "id_ref": "01bc4353-4829-4d55-8d52-0ab7e0790df9",
    "url": "https://www.first.org/iep/2.0/first-tlp-iep.iepj",
    "iep_version": 2.0
}
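
A recipient that receives an IEP Reference needs to confirm that the policy it fetched is the one the reference names and that the policy is in force before applying it. The following is an added example, not part of the FIRST specification: the function name `check_reference`, the abridged policy object, and the reading of a null `end_date` as "no expiry" are assumptions made for illustration.

```python
import json
import uuid
from datetime import datetime, timezone

# Sample input: the two Appendix A objects (policy abridged to the fields checked here).
POLICY = json.loads("""{
  "id": "01bc4353-4829-4d55-8d52-0ab7e0790df9",
  "name": "FIRST IEP-SIG TLP-AMBER",
  "iep_version": 2.0,
  "start_date": "2017-01-01T00:00:00Z",
  "end_date": null,
  "tlp": "amber"
}""")
REFERENCE = json.loads("""{
  "id_ref": "01bc4353-4829-4d55-8d52-0ab7e0790df9",
  "url": "https://www.first.org/iep/2.0/first-tlp-iep.iepj",
  "iep_version": 2.0
}""")

def _ts(value):
    # Timestamps in the example are UTC in the form YYYY-MM-DDTHH:MM:SSZ.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _uuid(value):
    # Parse to a UUID object so comparison ignores letter case; None if malformed.
    try:
        return uuid.UUID(str(value))
    except ValueError:
        return None

def check_reference(reference, policy, now=None):
    """Return a list of problems; an empty list means the reference resolves
    to this policy and the policy is in force at `now`."""
    now = now or datetime.now(timezone.utc)
    problems = []
    ref_id, pol_id = _uuid(reference.get("id_ref")), _uuid(policy.get("id"))
    if ref_id is None or pol_id is None:
        problems.append("id_ref or id is not a valid UUID")
    elif ref_id != pol_id:
        problems.append("id_ref does not match the policy id")
    if reference.get("iep_version") != policy.get("iep_version"):
        problems.append("iep_version differs between reference and policy")
    if policy.get("start_date") and now < _ts(policy["start_date"]):
        problems.append("policy is not yet in effect")
    # Assumption: a null end_date means the policy has no expiry.
    if policy.get("end_date") and now >= _ts(policy["end_date"]):
        problems.append("policy has expired")
    return problems
```

Treating any non-empty result as a reason to withhold the data from downstream sharing keeps a mismatched or lapsed policy from being applied silently.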




Abstract

The FIRST Information Exchange Policy (IEP) Framework enables threat intelligence providers to inform recipients how they may use the threat intelligence they receive. IEP ensures that both parties are aware of any restrictions on the use of the shared threat intelligence, and reduces the likelihood of misunderstandings.

IEP 2.0 builds upon the work done in IEP 1.0 to enhance the re-usability of the IEP Framework, reducing its impact on implementations, and enabling the sharing of common IEP Policies.

Release Date

6 November 2019

Co-chairs

The FIRST IEP Special Interest Group Co-chairs at the time of release were:

Editors

The FIRST IEP 2.0 Framework Definition was created and edited by the following people:

Contributors

The following people contributed to the FIRST IEP 2.0 Framework Definition:

Copyright © 2019 Forum of Incident Response and Security Teams, Inc. (FIRST). All Rights Reserved. The Information Exchange Policy 2.0 JSON Specification is licensed under the Creative Commons CC - BY-SA (Attribution+ShareAlike) license.