Final Published: STIX2.1 & TAXII2.1

ByJane Ginn

June 24, 2022 , ,

The leading standards for representing and sharing cyberthreat intelligence are now OASIS Standards, publicly available for download and implementation.

OASIS Members and all interested parties,

OASIS is pleased to announce the publication of its newest OASIS Standards, approved by the members on 10 June 2021:

STIX™ Version 2.1
OASIS Standard
10 June 2021


TAXII™ Version 2.1
OASIS Standard
10 June 2021

The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. The work was based initially on three specifications contributed by the US Department of Homeland Security (DHS) for development and standardization under the OASIS open standards process: STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence. STIX enables organizations and tools to share threat intelligence with one another in a way that improves many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

The TC received 11 Statements of Use from Accenture Security, Anomali, Avast Software s.r.o., CISA, DarkLight, Inc., EclecticIQ B.V., Fujitsu, IBM, New Context, SEKOIA, and Trend Micro.

TAXII is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. It is specifically designed to support the exchange of CTI represented in STIX, but is not limited to STIX.

The TC received 9 Statements of Use from Avast Software s.r.o., Celerium, CISA, Cyware Labs, EclecticIQ B.V., FreeTAXII, Fujitsu, SEKOIA, and Trend Micro.


The OASIS Standards and all related files are available here:

* STIX Version 2.1

Editable source (Authoritative):



* TAXII Version 2.1

Editable source (Authoritative):



Distribution ZIP files

For your convenience, OASIS provides a complete package of the prose specifications and related files in ZIP distribution files. You can download the ZIP files here:

* STIX Version 2.1:

* TAXII™ Version 2.1:

Our congratulations to the members of the OASIS Cyber Threat Intelligence (CTI) TC on achieving this milestone.

Translate »