FIRST and OASIS sign agreement to cooperate and promote cybersecurity standardization

Memorandum of Understanding enables organizations to improve international cooperation on developing standards for cybersecurity.

Memorandum of Understanding enables organizations to improve international cooperation on developing standards for cybersecurity.

11th April 2017 - The Forum of Incident Response and Security Teams (FIRST) and OASIS today announced the signing of an agreement that strengthens support between the organizations and their activities in developing cybersecurity standards.

As part of the agreement, FIRST and OASIS will develop mechanisms to permit each other’s members to provide collective input in the development of their standards, with the initial focus on cyber threat intelligence sharing. The agreement also enables both organizations to collaborate and partner on organizing events that educate and promote adoption of cybersecurity standards.

Under the agreement, both organizations will continue to maintain and supports separate infrastructures to develop, promote and support internet standards. The agreement enables FIRST and OASIS to cooperate more closely on their development, and collaborate on issues of critical importance to the global incident response community.

Margrete Raaum, Chairwoman of FIRST, said: “FIRST members have long participated and supported the standards developed by OASIS, in particular STIX and TAXII. Prior to our engagement with OASIS, we have organized events to educate members on these and other threat intelligence standards. Being able to now work directly with OASIS offers significant benefits for our members, and we expect OASIS members will benefit from the technical implementations FIRST members pursue of its standards.”

Laurent Liscia, CEO of OASIS, said: “This MoU formalizes the close, productive relationship between FIRST and OASIS. Together, we’re dedicated to pursuing complementary efforts and preventing duplication, fragmentation, and confusion in the cyber community. The relationship between our organizations reflects our mutual philosophy for cyber threat intelligence, ‘Sharing makes us all stronger’. ”


Founded in 1990, the Forum of Incident Response and Security Teams (FIRST) consists of internet emergency response teams from more than 360 corporations, government bodies, universities and other institutions across 78 countries in the Americas, Asia, Europe, Africa, and Oceania. It promotes cooperation among computer security incident response teams. For more information, visit:


Founded in 1993, OASIS is a nonprofit consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS cyber security standards include STIX and TAXII for threat intelligence sharing, CSAF for vulnerabilities disclosure, and OpenC2 for command and control defense. For more information, visit:


Harry Saunders or Janine Maxwell
Four Communications
Tel: +44 (0)20 3697 4329 or +44 (0)20 3697 4351