TAXII 2 Homepage

This is the landing page for information related to TAXII 2. This page is intended to be an index into the latest information and resources, so please bookmark it if you are interested in TAXII!

If you’d like to contribute to the conversation, please join the OASIS CTI TC, send an email to the CTI Users list [](, or send an email to the OASIS CTI TAXII SC co-chairs, Mark Davidson ( and Bret Jordan (

Vision Statement

TAXII is an open protocol for the communication of cyber threat information. Focusing on simplicity and scalability, TAXII enables authenticated and secure communication of cyber threat information across products and organizations.

Open Question(s):

  • Should it be “cyber threat information” or just “threat information”?

Design Artifacts

Design artifacts include Use Cases, Requirements, etc.


This is a list of discussion topics that appear to have rough consensus in the TAXII SC and can be considered decisions.

  • Vision Statement (See above)
  • HTTP as an MTI protocol
    • Includes “Groups of Channels” as an API Base
    • Includes DNS SRV record definition
  • Authentication

Current Proposals

The TAXII Subcommittee (SC) is currently in the process of requesting and evaluating proposals for TAXII 2. The current list of proposals under evaluation is here:


This is a list of related work, in no particular order. If you see something missing, please let us know and we’ll add it.

Related Work

Related Reading

These readings cover a variety of topics, from messaging to threat sharing to standards processes and more. They represent resources that have informed the thinking of the OASIS CTI TAXII SC.