网络威胁信息共享指南公益 译文项目 美国国家标准与技术研究院（NIST） 美国商务部 2016年4月NIST特别刊物 800-150（第二版）文档信息 原文名称 Guide to Cyber Threat Information Sharing 原文作者 Chris Johnson, Lee Badger, David Waltermire, Julie Snyder, Clem Skorupka原文发布日期 2016年4月 作者简介 原文发布单位 美国国家标准与技术研究院 美国商务部 原文出处 http://csrc.nist.gov/publications/drafts/800-150/sp800_150_second_draft.pdf 译者 小蜜蜂公益翻译组 校对者 小蜜蜂公益翻译组 免责声明 本文原文来自于互联网的公共方式，由“安全加”社区出于学习交流的目的进行翻译，而无任何商业利益的考虑和利用， “安全加”社区已经尽可能地对作者和来源进行了通告，但不保证能够穷尽，如您主张相关权利，请及时与“安全加” 社区联系。  “安全加”社区不对翻译版本的准确性、可靠性作任何保证，也不为由翻译不准确所导致的直接或间接损失承担责任。 在使用翻译版本中所包含的技术信息时，用户同意“安全加”社区对可能出现的翻译不完整、或不准确导致的全部或部分损失不承担任何责任。用户亦保证不用做商业用途，也不以任何方式修改本译文，基于上述问题产生侵权行为的， 法律责任由用户自负。 小蜜蜂公益翻译组 “安全加”社区目录 执行摘要 ························································································ 1 1.0 导言 ························································································· 3 1.1 目的与范围 ····················································································· 3 1.2 读者对象 ························································································ 3 1.3 文档结构 ························································································ 3 2.0 认识网络威胁信息共享 ································································ 4 2.1 威胁信息类型 ·················································································· 4 2.2 信息共享的益处 ··············································································· 4 2.3 信息共享面临的挑战 ········································································· 5 3.0 建立共享关系 ············································································· 7 3.1 定义信息共享目标 ············································································ 7 3.2 识别内部网络威胁信息源 ··································································· 7 3.3 定义信息共享活动的范围 ··································································· 9 3.4 制定信息共享规则 ············································································ 9 3.5 加入共享社团 ················································································· 12 3.6 为信息共享活动提供持续支持的计划 ··················································· 14 4.0 参与共享关系 ··········································································· 15 4.1 参与持续沟通 ················································································· 15 4.2 使用和响应安全警报 ········································································ 15 4.3 使用指标 ······················································································· 16 4.4 梳理与存储指标 ·············································································· 17 4.5 编制和发布指标 ·············································································· 18 附录 附录 A 网络威胁信息共享场景 ································································ 20 附录 B 术语表 ····················································································· 22 附录 C 缩略语 ····················································································· 23 附录 D 参考资料 ·················································································· 24网络威胁信息共享指南 2016年4月公益 译文项目 授权 本文由 NIST依据《2014 年联邦信息安全现代化法案》（ FISMA）（美国法典第 44卷第 3541节、 113–283公法）规定的 NIST法定职责拟定。NIST 负责开发信息安全标准和指南，包括联邦信息系统的最低 要求。但是，未经相关系统决策联邦官员的明确许可，这些标准和准则不得用于国家安全系统。该指南符合 美国行政管理和预算局（OMB）A-130 通告的要求。 由商务部长依法授权制定的标准和指南具有强制性与约束力，本文内容与其冲突时，以前者为准。本文 所述准则并不会更改或取代商务部长、行政管理和预算局局长或其他联邦官员的现有权力。本刊不受美国版权保护，非政府组织可自愿使用，但组织在使用本文时提及作者，NIST 将不胜感激。 美国国家标准与技术研究院特别刊物 800-150 NIST SP800-150, 共39页（2016 年4月） 分类编号：NSPUE2 本文中可能提到的商业实体、设备或资料，仅为准确描述规程（ procedure）或概念之用， 并非暗示 NIST推荐或者认可，也不表明这些实体、资料或设备是实现目的的最佳选择。 本文提及的 NIST依据法定职责制定的其他文档，有些可能处于开发过程中。也就是说，联邦机构在使 用本文信息 （包括概念和方法） 时， 所提及的同系列其他文档可能并未完成。 这种情况下， 在上述文档完成之前， 现有的要求、指南和规程依然有效。为满足规划及过渡需要，联邦机构或会密切追踪 NIST新文档的开发。 欢迎各组织在公开征求意见期间评审所有文档草案，并向 NIST提供反馈意见。 欲了解 NIST有关网络 安全的其他刊物，请访问：http://csrc.nist.gov/publications。网络威胁信息共享指南 2016年4月公益 译文项目 计算机系统技术报告 美国国家标准与技术研究院（NIST）信息技术实验室（ITL）为美国的测量和标准基础架构提供技术领导， 促进美国经济与公共福利。 ITL负责开发测试项目、制定测试方法，并提供参考数据、概念验证实现和技术分 析来推动信息技术的发展和生产应用。 ITL的职责包