Open Command and Control (OpenC2)

Creating a standardized language for the command and control of technologies that provide or support cyber defenses.


OpenC2 defines a language at a level of abstraction that will enable unambiguous command and control of cyber defense technologies.

OpenC2 is broad enough to provide flexibility in the implementation of devices and accommodate future products and will have the precision necessary to achieve the desired effect.

As an Open Source initiative, the community of cyber-security stakeholders across government agencies, small to large industries across all sectors, and academia can join together to innovate and evolve this cyberdefense approach.

Current Cyberdefense

Today, cyber defense technologies, systems and applications often use proprietary software and commands to control system configurations. Most environments within a company or enterprise are comprised of hundreds of different types of cyber-defense devices.

When security incidents are detected or configuration changes are required, manual commands and real time system updates are required, increasing incident response time and potentially introducing human error.

OpenC2 for Defense in Cyber-Relevant Time

Through OpenC2 and the use of standardized interfaces and protocols, interoperability across tools, vendors, technologies and programming languages is achieved.

Security professionals can orchestrate automated, tactical threat responses across a wide range of cyber-defense technologies at speeds significantly greater than previously imagined.

How can OpenC2 help?

OpenC2 is a limited language which simply conveys the “action” part of the cybersecurity process.

This open standards driven orchestration language, based on the nouns and verbs required to encode human intent and decisions and machine-readable instructions, enables automated courses of action.

Frequently Asked Questions

  • What is OpenC2?

    OpenC2 is a standardized language for machine-to-machine communications for the command and control of technologies that provide or support cyber defenses.

  • OpenC2 is an open source language, available for use and input across the cyber-security community. Many open source languages and technologies benefit from support of standards bodies, to help guide and champion on-going use and evolution of the software or technology. OpenC2 is a project under OASIS. OASIS is the Organization for the Advancement of Structured Information Standards, a nonprofit international consortium that develops open IT standards.

  • As cyber-defense technology vendors and providers adopt OpenC2, OpenC2 can dramatically improve incident response to cyber-threats and allow for enterprise wide interoperability for cyber-security policy orchestration. Management and development of cyber-defense responses is simplified and greater collaboration and integration across a wide range of technologies is enabled.

  • OASIS Specifications are open for all to use. See this page for the specifications.

    Open source software to implement OpenC2 can be found in this page.