Open Cybersecurity Alliance Adds PACE Posture Assessment Project

Security practitioners will leverage PACE to evaluate their organization’s overall state of cybersecurity readiness

9 December 2021 — The Open Cybersecurity Alliance (OCA), a global, ​standards-based initiative to simplify ​​integration across the threat lifecycle, announced today that it has accepted the Posture Attribute Collection and Evaluation (PACE) project contributed by the Center for Internet Security (CIS), the National Security Agency (NSA) and McAfee. PACE will focus on creating production-ready code that evaluates the posture assessment of computing resources using a communication fabric which will allow organizations to use this information in zero-trust architecture decisioning.

Based on an implementation effort from the IETF Security Automation and Continuous Monitoring (SACM) architecture, PACE will deliver community-maintained code that will arm operators with an interoperable out-of-the-box solution that monitors risk and threat exposure, reducing integration costs and redundancy while increasing resiliency. Providing comprehensive views into the endpoint, PACE will take advantage of existing standards such as SCAPv2 and leverage ongoing work in SBOM, to allow cybersecurity practitioners to fully utilize threat-informed defenses in their environment in an open and interoperable fashion.

The PACE project aligns with the OCA’s mission of integrating tools and solutions across security teams and will directly enable vendors and end users, advancing the OCA’s mission of building an open ecosystem where cybersecurity products interoperate without the need for customized integrations.

“NSA Cybersecurity is proud to have supported the development of the OASIS standard OpenC2 language for command and control, which has been included in PACE. Additionally, PACE will leverage several of the cybersecurity standardization efforts NSA has been working on with industry partners to improve the cybersecurity of National Security Systems, the Department of Defense and the Defense Industrial Base.” — Neal Ziring, Cybersecurity Technical Director, National Security Agency

PACE joins other OCA projects that include Kestrel, the threat hunting tool, the STIX Shifter patterning library, and the OCA Ontology.

The OCA is hosted by OASIS Open, one of the most respected, international bodies in the world for open source and standards. To learn more about the OCA, or other OCA technologies that are available to help security teams connect their security tools and data, please visit: https://github.com/opencybersecurityalliance.

Center for Internet Security

“Managing risk and addressing threat exposure are important facets of any security program. CIS is pleased to have introduced PACE as a new OCA project, we look forward to evaluating and integrating new posture assessment solutions as the cooperative ecosystem increases in participation and interest.” – Adam Montville, Chief Product Architect, Center for Internet Security

CyberNB | CIPnet

“We applaud the work of OASIS and believe in the mission to create open, global standards that help strengthen digital resiliency. The new PACE project will help define standardized process to measure cybersecurity posture across computing resources. The team here at CyberNB and our Critical Infrastructure Protection Network (CIPnet) will benefit from the PACE project and its outcomes.” – Tyson Johnson, CEO, CyberNB | CIPnet

Cydarm Technologies

“PACE is an important addition to the OCA project portfolio, as it enables faster gathering of context around intrusion alerts, enabling responders to more quickly triage possible incidents and reduce time wasted on repetitive queries across disconnected systems. Cydarm looks forward to integrating PACE, to further our goal of enabling better and faster security operations.” – Dr. Vaughan Shanks, CEO, Cydarm Technologies

Cyware Labs

“Cybersecurity threats are rapidly evolving, making it essential for organizations to have complete visibility over their current security posture and the environment they are striving to protect. At Cyware, we facilitate the goal of collective defense for all organizations and communities through collaborative threat response and threat intelligence sharing. PACE, an OCA project will steer the community towards a collaborative framework, enabling them to have the right visibility over the security posture of any organization.” – Avkash Kathiriya, VP – Research and Innovation, Cyware Labs

F5 Inc.

“Effectively sketching the cybersecurity posture of organizations to practically combat cyber threats requires the power of both enterprise and open-source tools to build a coherent and vigorous cyber defense platform. Fusion and integration of security products including information exchange with the PACE project in the OCA ecosystem not only helps the organizations to subvert cyber threats at scale by generating efficient threat intelligence but also helps to build a proactive and robust cybersecurity stance. In fact, that’s the need of the hour for organizations to provide a secure and safe digital transformation environment to customers.” – Renuka Nadkarni, CTO Security, F5 Inc.

IBM Security

“Posture assessment is foundational for any zero-trust based approach to security. Having open and interoperable implementation of existing posture standards is critical to ensuring that innovations in this space can be effectively implemented by the broader community, and bringing the PACE project into the OCA will help the industry realize that goal.” – Jason Keirstead, Senior Technical Staff Member and the Chief Architect of Threat Management, IBM Security

McAfee

“The state of a system at the time of an event is of utmost importance in an event driven system, perhaps as important as the event itself. Without this context, we cannot determine if an event is of high or low critical importance or what the resulting action should be to a given event. Posture attributes that we can broadly agree on as well as open tooling for the collection and evaluation of those attributes is a great move forward in making open, interoperable and event-driven cybersecurity a reality.” – Mark Mastrangeli, Lead Technology Architect, McAfee

Rapid7

“Visibility is the cornerstone of cybersecurity. Being able to measure and effectively communicate the posture/state of business process assets fosters better (and faster) decision making and can significantly improve enterprise safety and resilience. By creating and relying on open standards for data storage and interchange and removing the need for vendors to reinvent the wheel on commodity architecture components, PACE will help bring security automation and continuous monitoring (SACM) to the widest possible audience, arming organizations of any size with the core components necessary to maintain the health of their IT ecosystems.” – Bob Rudis, Chief Security Data Scientist, Rapid7

SAIC

“As a leading systems integrator for the federal government, SAIC assesses cyber security postures of large customers with complex cyber environments. We have made significant progress in creating a holistic picture with a repeatable process, and the PACE project will enhance our solutions by allowing us to generate the posture and compliance picture in a more rapid and standardized fashion.” – Forrest Hare, Solution Developer, Cyberspace Operations, SAIC

sFractal Consulting

“PACE is a great fit for OCA’s mission of standards-based, vendor-agnostic, interoperable cybersecurity. One timely PACE example is the Software Bill of Materials (SBOM) – collecting the SBOM of a device or cloud-service and comparing it with vulnerabilities found in the National Vulnerability Database, and using the results to inform your threat-hunting.” – Duncan Sparrell, Chief Cyber Curmudgeon, sFractal Consulting

ThreatQuotient

“ThreatQuotient believes in a data-driven approach to security that improves efficiency, has an open architecture, and enables balanced automation. We are proud to be a part of the OCA and to support protocols and standards such as PACE that simplify the exchange of information between different teams and technologies, and enable threat-informed defenses. We are encouraged by continued efforts across the industry to meet the needs of security teams and ultimately help them improve the resiliency of their organizations.” – Haig Colter, Director, Alliances, ThreatQuotient

VISUA

“VISUA recently joined the OCA specifically because we saw the valuable work the member companies were doing to not only find new and innovative ways to detect compromises and behaviours, but also to communicate threat intelligence in a more cohesive and open way. This kind of work is very exciting to us as we bring new technology discussions to the world of cyber security and begin to integrate the wonderful innovations developed and ratified by OASIS members. PACE is yet another example of this great work.” – Alessandro Prest, CTO and Co-Founder, VISUA

About the Open Cybersecurity Alliance

The Open Cybersecurity Alliance brings together vendors and end-users to create an open cybersecurity ecosystem where products can freely exchange information, insights, analytics, and orchestrated response. OCA supports commonly developed code and tooling and the use of mutually agreed upon technologies, data standards, and procedures. The OCA is governed under the auspices of OASIS Open, which offers projects a path to standardization and de jure approval for reference in international policy and procurement.

The OCA is led by these organizations committed to solving the costly problem of siloed cyber tools and products: Center for Internet Security (CIS), Copado, Cybereason, CyberNB, Cydarm, Cyware, EclecticIQ, F5 Inc., IBM Security, McAfee, Prophecy International, Rapid7, sFractal Consulting, SafeBreach, SAIC, Tenable, ThreatQuotient, TruSTAR, VISUA and VMware.

Contact information:
Dee Schur, Senior Manager, Development & Advocacy
OASIS Open
dee.schur@oasis-open.org
+1 941-321-6733