The Unified Cyber Ontology (UCO) is a crosscutting, unified ontology approach to capturing the foundational objects, relationships, and rules across the cybersecurity domain. UCO works in close collaboration with adopting communities that have expertise in specific cyber subdomain areas; those communities extend UCO with ontologies containing objects, relationships, and rules specific to their subdomain. The UCO Community and the subdomain communities align ontology development priorities and adoption technology engineering efforts. From time to time, the UCO Community adds new subdomain communities to the effort. Subdomain communities can save a lot of engineering time by inheriting the common objects, relationships, and rules applicable across the cyber domain. Existing subdomains include:
UCO’s cyber investigation use case is managed by the CASE Opensource Community.
Cyber-investigation Analysis Standard Expression (CASE) is a community-developed evolving standard that provides a structured (ontology-based) specification for representing information commonly analyzed and exchanged by people and systems during investigations involving digital evidence. The power of CASE is that it provides a common language to support automated normalization, combination and validation of varied information sources to facilitate analysis and exploration of investigative questions (who, when, how long, where). In addition to representing tool results, CASE ensures that analysis results can be traced back to their source(s), keeping track of when, where and who used which tools to perform investigative actions on data sources. The CASE Community has eighty-five members representing fifty different organizations. Digital Investigation Tools that have adopted CASE and UCO.
The UCO Community has efforts underway to address the subdomain of cyber risk management. The UCO Community is planning to spin out cyber risk management contributors into their own subdomain community in the future.
The UCO Community has efforts underway to address the subdomain of cyber threat intelligence (CTI) with formal ontological specifications that provide a solid and flexible underpinning for various existing CTI resources and serializations. The UCO Community is planning to spin out cyber threat intelligence contributors into their own subdomain community in the future.
The UCO Community has efforts underway to address the subdomain of supply chain security. The UCO Community is planning to spin out cyber risk management contributors into their own subdomain community in the future.