CAIF - COMMON ANNOUNCEMENT INTERCHANGE FORMAT

CAIF is an XML-based format to store and exchange security announcements in a normalized way. It provides a basic but comprehensive set of elements that is designed to describe the main aspects of an issue related to security. The set of elements can easily be extended to reflect either temporary, exotic or new requirements in a per-document manner. Besides addressing more than one problem within a single document the format allows to group information for more than one target group of readers as well as multi-lingual textual descriptions within one document. This can be used to selectively produce different renderings of an announcement for the intended target groups addressing one, a sub-set, or all problems multi- or mono-lingual in the languages provided.

NEWS

2005-11-10: Draft Version 1.2.3 released

• Established RFC 2119 compliance
• Added a section in chapter 4 'Paradigms', describing the paradigma to avoid the enforcement of a policy to make assessments of problems.
• Added the description of the 'policy' attribute in the chapters of the assessment elements ('risk' 13.8.1.7, 'probability-of-occurrence' 13.8.1.8, and 'threat' 13.8.1.9).

2005-05-08: Draft Version 1.2.2 released

• Added some clarification in the possible usage of the "aff" markup element, adapted draft to CAIF 1.2 (Revision 1).
• Changed attribute name in two elements for normalization purposes.

2005-04-26: Draft Version 1.2.1 released

• Deleted some mistakes and included a section explaining the pseudo syntax used in the synopses.

2005-04-24: Draft Version 1.2 released

• The new Draft has been published together with an updated version of the DTD (Version 1.2) and a matching example (see below).

Note, that the last digit in the version number increments whenever there are made minor changes regarding the wording or layout. Major releases increment the second digit. And a complete overhaul will increment the first digit.

REQUIREMENTS

• Draft defining the Requirements for CAIF (html, txt)

FORMAT SPECIFICATION

• CAIF Format Specification - Draft (html, txt)

DOCUMENT TYPE DEFINITION (DTD)

• caif.dtd (Version 1.2 (Revision 2), 2005-11-10) [ChangeLog]
• example document that validates against the DTD (Version 1.2 (Revision 2))

Additional documents will follow.

MAILING LISTS

There are two mailing lists for CAIF:

• caif-announce@lists.cert.uni-stuttgart.de
  Subscription: caif-announce-subscribe@lists.cert.uni-stuttgart.de
  On this read-only mailing list, announcements regarding CAIF are posted, such as the availability of a new draft.
• caif-discuss@lists.cert.uni-stuttgart.de
  Subscription: caif-discuss-subscribe@lists.cert.uni-stuttgart.de
  This mailing list is intended for discussions about the CAIF documents. Please send questions or corrections to this list.

PRESENTATIONS

• The first presentation of the CAIF Version 1.0 at the 6th TF-CSIRT Meeting 2002 in Copenhagen.
• Presentation as a tutorial at the 16th FIRST Conference (13th trough 18th of June 2004) in Budapest.
• Presentation of the first CAIF Developer Meeting from 26th through 27th July 2004) at RUS-CERT in Stuttgart.