Overview
This page provides the publication history of OpenC2 TC work products, with links to the most recent “approved” version as well as the current work-in-progress for the product. An entry is provided for each work product. For each document the reference includes the full title, a brief descriptions, and a table with dates and links for the approved versions. with information for “approved” versions. Table contents are ordered in reverse chronological order, newest version first. An explanation of the table details can be found at the end of the page
The following documents histories are provided on this page. For information regarding TC work products that have not yet reached the Committee Specification Draft (CSD) level, consult the list of GitHub repositories on the Specifications page.
| Overarching Documents | Actuator Profiles | Transfer Specifications | Informative Work |
|---|---|---|---|
| Architecture Specification | Stateless Packet Filtering | MQTT | Information Modeling with JADN CN |
| Language Specification | Packet Filtering AP | HTTPS | Actuator Profile Development Process CN |
| JSON Abstract Data Notation (JADN) | Threat Hunting AP |
OpenC2 Architecture Specification
Cyber attacks are increasingly sophisticated, less expensive to execute, dynamic and automated. The provision of cyber defense via statically configured products operating in isolation is untenable. Standardized interfaces, protocols and data models will facilitate the integration of the functional blocks within a system and between systems. Open Command and Control (OpenC2) is a concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. The Architecture Specification describes the abstract architecture of OpenC2 to define a common understanding of the messages and interactions for all bindings and serializations.
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.0 WIP | Working meeting: 11 May 2022 | 11 May 2022 |
| v1.0 | CS01 | 30 September 2022 |
| v1.0 | CSD 01 | 18 May 2022 |
Open Command and Control (OpenC2) Language Specification
The Language Specification is an overarching OpenC2 document, which defines the basic conventions of the language, the set of available actions, and the base set of targets to which actions can be applied. This specification provides the semantics for the essential elements of the language, the structure for commands and responses, and the schema that defines the proper syntax for the language elements that represents the command or response.
| Version | Approval Level | Publication Date |
|---|---|---|
| v2.0 WIP | Working Meeting: 4 January 2023 | 22 September 2021 |
| v2.0 | CSD 02 | 15 May 2024 |
| v2.0 | CSD 01 | 16 November 2022 |
| v1.1 | CSD 01 | 18 August 2021 |
| v1.0 | CS 02 | 24 November 2019 |
| v1.0 | CS 01 | 11 July 2019 |
| v1.0 | CSD 08 / PRD 02 | 04 April 2019 |
| v1.0 | CSD 07 / PRD 01 | 17 October 2018 |
| v1.0 | CSD 06 | 17 October 2018 |
| v1.0 | CSD 05 | 20 July 2018 |
| v1.0 | CSD 04 | 31 May 2018 |
| v1.0 | CSD 03 | 03 April 2018 |
| v1.0 | CSD 02 | 14 February 2018 |
| v1.0 | CSD 01 | 14 November 2017 |
Specification for JSON Abstract Data Notation (JADN)
JSON Abstract Data Notation (JADN) is a UML-based information modeling language that defines data structure independently of data format. Information models are used to define and generate physical data models, validate information instances, and enable lossless translation across data formats. A JADN specification consists of two parts: type definitions that comprise the information model, and serialization rules that define how information instances are represented as data. The information model is itself an information instance that can be serialized and transferred between applications. The model is documented using a compact and expressive interface definition language, property tables, or entity relationship diagrams, easing integration with existing design processes and architecture tools.
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.X WIP | Working Meeting: 16 June 2021 | 16 June 2021 |
| v1.0 | CS 01 | 17 August 2021 |
| v1.0 | CSD 02 (public review) | 16 June 2021 |
| v1.0 | CSD 01 (public review) | 21 October 2020 |
OpenC2 Actuator Profile for Stateless Packet Filtering (SLPF)
OpenC2 Actuator Profiles specify the subset of the OpenC2 language relevant in the context of specific actuator functions. This actuator profile specifies the set of actions, targets, specifiers, and command arguments that integrates Stateless Packet Filtering functionality with the OpenC2 command set.
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.x WIP | 16 October 2020 | 16 October 2020 |
| v1.0 | CS 01 | 11 July 2019 |
| v1.0 | CSD 06 / PRD 03 | 31 May 2019 |
| v1.0 | CSD 05 / PRD 02 | 04 April 2019 |
| v1.0 | CSD 04 / PRD 01 | 17 October 2018 |
| v1.0 | CSD 03 | 04 October 2018 |
| v1.0 | CSD 02 | 20 July 2018 |
| v1.0 | CSD 01 | 31 May 2018 |
OpenC2 Actuator Profile for Packet Filtering (PF)
OpenC2 Actuator Profiles specify the subset of the OpenC2 language relevant in the context of specific actuator functions. Packet filtering is a cyber defense mechanism that denies or allows traffic based on static or dynamic properties of the traffic, such as address, port, protocol, etc. This profile defines the Actions, Targets, Specifiers and Options that are consistent with the Version 1.0 of the OpenC2 Language Specification in the context of packet filtering (PF).
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.0 WIP | Working Meeting: 7 August 2024 | 7 August 2024 |
| v1.0 | CSD 01 | 21 July 2021 |
OpenC2 Actuator Profile for Threat Hunting (TH)
OpenC2 Actuator Profiles specify the subset of the OpenC2 language relevant in the context of specific actuator functions. This specification defines an actuator profile to automate management of cyber threat hunting activities using OpenC2. Threat hunting is the process of proactively and iteratively searching through networks and on endpoints to detect and isolate cyber observables that may indicate threats that evade existing security solutions. This actuator profile defines the OpenC2 Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of cyber threat hunting. It covers the identification and invocation of stored hunting processes (e.g., “hunt flows”), passing of hunt parameters, and the expected type(s) and format(s) of information returned by hunting processes.
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.0 WIP | Working Meeting: 5 December 2023 | 5 December 2023 |
| v1.0 | CSD 02 | 21 February 2024 |
| v1.0 | CSD 01 | 20 September 2023 |
Specification for Transfer of OpenC2 Messages via MQTT
OpenC2 transfer specifications utilize existing protocols and standards to implement OpenC2 in specific environments. Message Queuing Telemetry Transport (MQTT) is a widely-used publish / subscribe (pub/sub) transfer protocol. This specification describes the use of MQTT Version 5.0 as a transfer mechanism for OpenC2 messages.
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.0 WIP | Working Meeting: 13 October 2021 | 13 October 2021 |
| v1.0 | CS 01 | 19 November 2021 |
| v1.0 | CSD 04 | 18 August 2021 |
| v1.0 | CSD 03 | 17 February 2021 |
| v1.0 | CSD 02 | 24 September 2020 |
| v1.0 | CSD 01 | 07 July 2020 |
Specification for Transfer of OpenC2 Messages via HTTPS
OpenC2 transfer specifications utilize existing protocols and standards to implement OpenC2 in specific environments. This specification describes the use of HTTP over TLS as a transfer mechanism for OpenC2 messages.
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.1 WIP | Working Meeting: 8 Septenber 2021 | 8 September 2021 |
| v1.1 | CS 01 | 30 November 2021 |
| v1.1 | CSD 01 (public review) | 15 September 2021 |
| v1.0 | CS 01 | 11 July 2019 |
| v1.0 | CSD 05 / PRD 03 | 21 May 2019 |
| v1.0 | CSD 04 / PRD 02 | 04 April 2019 |
| v1.0 | CSD 03 / PRD 01 | 17 October 2018 |
| v1.0 | CSD 02 | 04 October 2018 |
| v1.0 | CSD 01 | 23 August 2018 |
Information Modeling With JADN
Information models (IMs) are used to define and generate physical data models, validate information instances, and enable lossless translation across data formats. JSON Abstract Data Notation (JADN) is a UML-based information modeling language that defines data structure independently of data format. This Committee Note describes the use of IMs, explains how to construct IMs using JADN, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies.
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.X WIP | Working Meeting: 12 April 2023 | 12 April 2023 |
| v1.0 | CN 01 | 19 April 2023 |
| v1.0 | CND 01 | 18 January 2023 |
OpenC2 Actuator Profile Development Process Version 1.0
OpenC2 Actuator Profiles (APs) specify the subset of the OpenC2 language relevant in the context of specific actuator functions. A profile refines the meaning of language elements used to perform the actuator function, and often defines additional elements that are relevant and/or unique to that function. This Committee Note describes the TC’s process for using the JSON Abstract Data Notation (JADN) information modeling language in the development of APs, resulting in a rigorous schema for an AP properly integrated with the base OpenC2 language.
| Version | Approval Level | Publication Date |
|---|---|---|
| v1.0 WIP | Working Meeting: 8 Nov 2023 | 10 Nov 2023 |
| v1.0 | CN01 | 17 January 2024 |
Explanation of History Table Details
- Version
- Approval Level -- A link to a specific
version of the document. The first row in each table is
a link to the current working version on GitHub,
reflecting either the latest change to in-progress
content, or the starting point for future changes,
depending on the document's current development status.
Subsequent rows are identified by approval level, which
is one of:
- OASIS Standard (OS) -- an official OASIS publication approved by the OASIS membership (none of the TC’s work products have yet reached this level).
- Committee Specification (CS) -- an official OASIS publication approved by a special majority vote of the TC as a complete and usable document.
- Committee Specification Draft (CSD) -- an official OASIS publication approved by a majority vote of the TC, a mostly-stable and usable but unfinished specification.
- Committee Specification / Public Review Draft (CS/PRD) -- an official OASIS publication approved by a majority vote of the TC and specified for release for public review (this terminology only applies to the TC’s original three specifications).
- Working Draft (WD) -- a snapshot version of a work-in-progress document posted to OASIS by the work product editors NOTE: for OS-, CS-, and CSD-level documents this item will be a link to the published HTML version of the work product; for WD-level documents the public link to the WD package in the TC’s document repository will be used.
- Publication Date -- the date when this version / approval level document was published. For an OS, CS, or CSD this will be the date contained in the published HTML version of the document. Unapproved WDs will instead have the date the WD package was uploaded to OASIS.