Automated Indicator Sharing (AIS) TAXII 2.1 Capability Documents for More Information

The Terms of Use (TOU) give the basic rules and responsibilities for connecting to the TAXII Server as well as some basic terminology that is used in the program.

This addendum to the AIS Terms of Use sets forth the terms and conditions governing use of AIS-derived data by Data Aggregators

CISA’s' free Automated Indicator Sharing (AIS) program enables organizations to share and receive machine-readable cyber threat indicators (CTIs) and defensive measures (DMs) in real time to monitor and defend their networks against relevant known threats.

FAQs and guidance to help support customers in successfully connecting to the TAXII server.

The FAQ regarding the implementation of Automated Indicator Sharing (AIS).

Privacy Impact Assessment regarding AIS.

An overview of the MISA to enhance cybersecurity information sharing among federal agencies.

The Interconnect Agreement explains the responsibilities on both sides of the sharing relationship.

Guidance for AIS participants when submitting CTIs and DMs in the Structured Threat Information Expression (STIX) format via the Trusted Automated Exchange of Intelligence Information (TAXII).

Examines the formal set of submission requirements for AIS Participants when submitting CTIs and DMs to AIS using the Structured Threat Information Expression (STIX) format via the Trusted Automated Exchange of Intelligence Information (TAXII).

This guide developed by the OASIS Cyber Threat Intelligence (CTI) Technical Committee suggests best practices to use for STIX content, both for some non-MUST normative statements and for considerations beyond the specification.

This Access Control Specification (ACS) document, the result of that collaboration, specifies the data elements required to implement automated access control systems based on the relevant policies governing sharing between participants.

Provides significant information on the brokering functions provided by DHS.

This guide demonstrates how the AIS status service works.

This guide provided examples of common use cases and illustrates how TAXII filtering functions.

This document indicates multiple features and use-cases available to AIS participants to be better informed before participation in the AIS production environment.

Open-source TAXII graphical user interface client able to poll and publish to/from the AIS TAXII server.

Cybersecurity Information Sharing Act of 2015 Original Act from the Government Printing Office.

Guidance to assist Non-Federal entities in sharing Cyber Threat Indicators and Defensive Measures

Guidance to assist Federal entities to share Cyber Threat Indicators and Defensive Measures.

Establishes privacy and civil liberties guidelines governing the receipt, retention, use, and dissemination of cyber threat indicators by a federal entity.

Consistent with section 105(a)(2) and (3) of the Cybersecurity Information Sharing Act of 2015 (CISA), this document establishes procedures relating to the receipt of cyber threat indicators and defensive measures by all federal entities under CISA.