Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
STIX 2 / TAXII 2 Preferred is a cyber threat intelligence interoperability self-certification program operated by OASIS Open. It is aimed at software and data service providers that encode, share, consume, or transmit STIX 2 data, and that may exchange intelligence via TAXII 2. Its core purpose is not to provide a protection engine, but to publicly list products or services whose vendors claim to have passed the OASIS CTI Interoperability Tests.
The program covers multiple security product roles, including data source providers, threat intelligence platforms (TIPs), SIEMs, threat mitigation systems, threat detection systems, intelligence converters/consumers, and TAXII Servers. Successful participants may use the STIX Preferred mark for specific products and major versions. However, the documentation clearly states that OASIS performs only a limited review of submitted materials, does not independently verify vendor-submitted information, and does not endorse product performance, accuracy, or usability. As such, it is better viewed as an interoperability reference rather than a certification of security effectiveness.
The FAQ clearly states that there is no fee for self-certifying as STIX 2 Preferred or STIX/TAXII 2 Preferred. Submissions, questions, and information updates are handled primarily through the official email address. Reviews are carried out by volunteers, and the program also states that it does not guarantee notification or processing timelines. Certification applies to the specific product and major version submitted; new products or new major versions require a new submission, and the listing also indicates test dates to help users assess timeliness.
The advantages are that it is free, has a clear standards-based background, has a low barrier to participation, and helps users determine whether a product exchanges intelligence using STIX/TAXII. This is especially useful for compatibility screening in multi-vendor security environments. The downside is that the credibility of the self-certification depends on the submitting organization’s own reputation, with no third-party audit. It also does not provide protection, alerts, an operations console, managed services, or payment/procurement information.
It is suitable for TIP, SIEM, TAXII Server, EDR/IDS/IPS, and threat intelligence service vendors that need to demonstrate or evaluate STIX/TAXII compatibility. The source text does not provide information on access from China, and payment is not relevant because the self-certification is free. For real-world deployment, it can be evaluated alongside threat intelligence platforms, SIEM, SOAR, MISP, and other solutions that support STIX/TAXII.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on oasis-stixpreferred.org official site.
oasis-stixpreferred.org is an United States Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach oasis-stixpreferred.org directly.