OCSF Joins the Linux Foundation: Accelerating the Standardization of Cybersecurity Data

In the ever-evolving landscape of cybersecurity, the need for efficient, standardized ways to manage and analyze security data has never been more critical. Today, we are announcing a significant milestone in our industry’s journey towards this goal: the Open Cybersecurity Schema Framework (OCSF) is joining the Linux Foundation. AWS is a founding member and active contributor to OCSF, along with partners such as Splunk and IBM, and we believe this is a pivotal moment in our collective efforts to simplify and standardize cybersecurity data across the industry.

What began in 2022 as a vision to create a common language for security events has blossomed into a comprehensive framework addressing a wide range of cybersecurity data challenges. As we highlighted in our recent blog post, OCSF has expanded beyond just security events to encompass software inventory, remediation activities, and an OSINT profile for cyber threat intelligence enrichment. The latest version, OCSF 1.3.0, released in August 2024, introduced these new capabilities along with expanded Observable types and Attributes, further improving the existing event classes and their ability to represent and convey relevant cybersecurity information. This rapid evolution is a testament to the community’s commitment to continuously enhancing the framework to meet the dynamic needs of the cybersecurity landscape.

The decision to bring OCSF under the Linux Foundation’s umbrella is a natural and exciting progression. The Linux Foundation’s expertise in nurturing open source projects and its neutral governance model will provide OCSF with the ideal platform to accelerate adoption and development. This move will enable greater collaboration across the industry, bringing together diverse perspectives to further refine and expand the framework. At AWS, we’re particularly excited about the potential this holds for driving innovation in cloud security and beyond.

Since its introduction, OCSF has made a significant impact on how organizations handle cybersecurity data. By providing a unified schema, OCSF is helping to reduce the complexity of data normalization, improve the efficiency of threat detection and response, enhance interoperability between different security tools and platforms, and facilitate easier data sharing and collaboration across the industry. With the backing of the Linux Foundation, we expect these benefits to multiply, leading to more robust and effective cybersecurity practices across the board.

AWS remains deeply committed to the success of the OCSF project. We will continue to integrate OCSF into our security services and contribute to its development. Our goal is to ensure that AWS customers and the broader cybersecurity community can fully leverage the power of standardized security data. Looking ahead, we anticipate faster adoption across the industry, continued expansion of the framework to cover more cybersecurity domains, increased capability for our partners to integrate OCSF with artificial intelligence and machine learning technologies for advanced threat detection, and greater interoperability between cloud providers, security vendors, and open source tools.

AWS Customers Value OCSF

The impact of OCSF is already being felt across the industry. Here’s what some of our customers are saying about their experience with the framework:

“OCSF teaming up with the Linux Foundation is a major win for cybersecurity,” said CJ Moses, CISO at Amazon. “Data silos and the lack of a common standard have been major challenges for security analysts. The OCSF schema addresses this by providing a unified framework, helping create a safer digital world for everyone. This collaboration is a perfect example of how teamwork makes cybersecurity better for all.”

“The transition of OCSF to the Linux Foundation is a significant milestone that will benefit the entire cybersecurity ecosystem,” said Ankush Chowdhary, CISO Cyber Governance & Architecture at HPE. “By aligning OCSF with the Linux Foundation’s collaborative framework, we can expect to see increased innovation, greater cross-vendor interoperability, and more opportunities for security teams to leverage a common language for threat detection, security analytics, and incident response.”

“The Open Cybersecurity Schema Framework (OCSF) provides a flexible and standardized approach that allows our cybersecurity personnel to speak the same language and remain data platform-agnostic,” said Sean O’Hara, Executive Director, Cyber Defense at CVS Health. “It is extensible, machine-readable, and provides the flexibility we need throughout the telemetry lifecycle, without locking us into any specific system. Additionally, the open standard, current vendor support, and the community behind OCSF are the key reasons CVS Health has chosen to adopt, support, and contribute to the OCSF standards.”

“OCSF’s alliance with the Linux Foundation represents a significant leap forward for cybersecurity in the hospitality and entertainment sector,” said Wyatt Banks, Vice President, Cyber Defense at MGM Resorts International. “In our industry, where we manage complex systems spanning hotel operations, gaming platforms, and guest services, a standardized security framework is crucial. OCSF’s partnership with the Linux Foundation will accelerate the development of more robust, interoperable security solutions, enabling us to better protect our guests’ experiences and data across diverse touchpoints.”

How to Participate in OCSF

The strength of OCSF lies in its community, and its future success depends on broad participation. Whether you’re a security practitioner, a software developer, or a cybersecurity vendor, your input is invaluable. We encourage you to explore OCSF, contribute to its development, and help shape the future of cybersecurity data standardization. To learn more about OCSF and how you can contribute, visit https://ocsf.io/.

In an increasingly complex digital world, initiatives like OCSF are crucial in our collective efforts to mitigate cyber risks. By joining the Linux Foundation, OCSF is poised to make an even greater impact. At AWS, we’re proud to be part of this journey and excited about the possibilities that lie ahead. Together, we can build a more secure digital future, and OCSF’s move to the Linux Foundation is a significant step in that direction.