Information Exchange Policy (IEP)
Mission
Automating the exchange of security and threat information in a timely manner is imperative to the future and effectiveness of the security response community. The timely distribution of threat indicators will only thrive in an environment where trust is sustained. A fundamental component of trust is a clear understanding of how shared information can and cannot be used, with very little room for interpretation. This level of clarity is essential to both the provider and the consumer, as each wishes to ensure the information is handled properly. Trust is not a matter of technology, but of language, policy and structured understanding.
The general lack of adequate policy supporting information exchange is increasingly becoming an impediment to timely information exchange, one that will only be exacerbated as more organizations start actively participating in information exchange groups and the volume of security and threat information being shared continues to grow. One of the main challenges today is the lack of clarity when defining and interpreting the permitted actions, uses, and redistribution of information shared between organizations.
The need for an extensible information exchange policy framework has been identified, and the goal of this Special Interest Group is to collaboratively develop a framework for defining information exchange policy, along with a set of common definitions for the most common policy aspects.
IEP allows information producers to inform recipients of the requirements attached to information they receive. It enables information producers to tell recipients how they need to store the information they receive, what they can do with that information, who they can share that information with, and what licensing restrictions are attached to the information.
The IEP 2.0 framework is the result of many years of work, and is the first step on the road to automating the legal aspects of information sharing.
IEP 2.0 differences from IEP 1.0
Information Exchange Policy framework 2.0 is a new, updated version of IEP created using the lessons learned from earlier versions of IEP.
IEP 2.0 has been developed to be easier to use at scale and easier to extend than IEP 1.0. We've added the ability to house IEP policies in URL-accessible IEPJ files, which in turn makes it much easier for organisations to share IEP policies.
We've also created a standard IEPJ Policy File that equates to each of the TLP values. Implementers can reference these standard IEPJ files from their Threat Intelligence Platforms, allowing multiple different organisations to share a common IEPJ between them without needing to share a full IEP policy each time they share information.
Content
This site provides the following content:
- IEP 2.0 Framework - This document describes the IEP 2.0 Framework and some rationale behind its development. Start here if you want to learn more about IEP 2.0 and how it works.
- IEP 2.0 JSON Specification - This document describes how to implement the IEP 2.0 framework using JSON. JSON was chosen as the first implementation of IEP specifically to enable its use within STIX 2.x and TAXII 2.x, but it will work just as well within any JSON-based protocol.
- Standard IEP Policies - This is where you will find all the standard IEP Policy Files. IEP Policy Files are shared network-accessible IEP policies that anyone else can use in their platform. We recommend you investigate the IEP TLP Policy File first, as TLP is very commonly used within the intelligence sharing community.
- IEP 1.0 Archive - This is where you will find all the information about the earlier IEP 1.0 framework.
IEP-SIG at FIRST
The FIRST Information Exchange Policy SIG (IEP-SIG) governs the standard definition of IEP for the benefit of the worldwide CSIRT community and its operational partners. Comments or suggestions on the standard can be sent to the chairs listed on the IEP-SIG web page.