Cyber Ontology Foundry
The Cyber Ontology Foundry is a community-governed initiative to develop, maintain, and coordinate open, interoperable, formally grounded ontologies for the cyber domain.
The Foundry supports shared understanding, data integration, automated reasoning, threat analysis, cyber mission planning, incident response, compliance, vulnerability management, and AI-enabled cyber operations across government, industry, academia, and standards communities.
The Cyber Ontology Foundry suports NCOR’s broader mission to advance ontology engineering best practices for trustworthy, interoperable data and AI systems.
Why the Cyber Ontology Foundry exists
The cyber domain contains many valuable standards, schemas, taxonomies, and knowledge resources, including:
- STIX/TAXII
- MITRE ATT&CK
- D3FEND
- CAPEC
- CVE
- CWE
- CPE
- NIST Cybersecurity Framework
- NIST SP 800-53
- OSCAL
- CIS Controls
These resources are useful, but they were not all designed with a shared formal semantic foundation.
The Cyber Ontology Foundry provides a complementary semantic layer that helps clarify the entities, processes, roles, artifacts, vulnerabilities, threats, controls, observations, evidence, and claims represented in and across these resources.
The Foundry does not aim to replace existing cyber standards. It aims to make them more semantically interoperable.
What the Foundry provides
The Cyber Ontology Foundry provides:
| Resource | Purpose |
|---|---|
| Reference ontologies | Open, formally represented ontology content for the cyber domain. |
| Domain modules | Focused ontologies for areas such as vulnerabilities, incidents, controls, observations, threats, assets, and cyber operations. |
| Standards mappings | Mappings between Foundry ontology terms and existing cyber standards and schemas. |
| Design patterns | Reusable modeling patterns for recurring cyber ontology problems. |
| Use cases and competency questions | Practical scenarios and questions used to guide ontology development. |
| Governance and review procedures | Transparent procedures for contribution, review, release, and maintenance. |
GitHub organization
The Cyber Ontology Foundry is developed openly on GitHub.
- GitHub organization: Cyber Ontology Foundry
Founding principles
The Cyber Ontology Foundry is guided by the following principles.
| Principle | Meaning |
|---|---|
| Open | Public Foundry ontologies should be available for reuse, review, and extension. |
| Formalized | Ontology content should be represented in standard machine-readable formats, with OWL 2 as the minimum formal target for official modules unless an exception is approved. |
| Scoped | Every ontology should state what it covers, what it does not cover, and what neighboring ontologies it depends on. |
| Orthogonal | The Foundry should avoid unnecessary duplication and reuse existing ontology elements where possible. |
| Identified | Ontologies, classes, relations, and reference patterns should have stable identifiers and managed prefixes. |
| Defined | Classes and relations should have clear textual definitions. |
| Validated | Ontologies should be checked for consistency, satisfiability, and structural integrity. |
| Justified | Assertions, mappings, definitions, and design decisions should carry provenance and justification. |
| Governed | Every official ontology should have named maintainers, review procedures, and decision rights. |
| Reviewed | Development should be collaborative, issue-driven, and transparent. |
| Versioned | Releases should be versioned, archived, and accompanied by release notes. |
| Engaged | Maintainers should respond to community issues and evolving cyber practice. |
Ontology submissions
The Foundry accepts ontology submissions for review.
A submitted ontology may be:
- accepted as an official Cyber Ontology Foundry module;
- treated as a mapping or reference ontology;
- placed in experimental or provisional status;
- deferred or rejected.
Submission does not imply acceptance. Ontologies are reviewed for scope, openness, formal representation, documentation, identifier policy, relation reuse, logical quality, governance, maintenance, cyber relevance, and security suitability.
To submit an ontology, open an Ontology Submission issue in the appropriate Foundry repository.
Contributing
You can contribute by:
- submitting an ontology for review;
- requesting a new term;
- improving a definition;
- proposing a relation;
- proposing a mapping to an external standard;
- contributing a design pattern;
- adding a use case or competency question;
- reporting an ontology bug;
- improving documentation;
- participating in a working group.
Start by opening an issue in the relevant repository.
Security and sensitive content
Because the Foundry operates in the cyber domain, contributors must not submit:
- classified information;
- controlled unclassified information without authorization;
- proprietary information without permission;
- unreleased vulnerability details;
- exploit-enabling operational details;
- target-specific operational information;
- credentials, keys, tokens, or secrets;
- personal or organizational information unsuitable for public release.
Public reference ontologies should remain open wherever possible. Restricted operational extensions may exist, but they should preserve compatibility with the public core and must not leak sensitive content into public repositories.
Relationship to NCOR
NCOR supports the development of community-governed ontology resources, education, review practices, and standards-aligned semantic infrastructure.
The Cyber Ontology Foundry aligns with this mission extending into the cyber domain by providing a public space for cyber experts, ontology engineers, standards developers, researchers, analysts, and implementers to coordinate on shared semantic resources.
Get involved
Interested in updates, working groups, ontology review, or contributing to the Cyber Ontology Foundry?
Sign up for the Cyber Ontology Foundry
You can also:
- Visit the Cyber Ontology Foundry GitHub organization.
- Read the contribution guidelines.
- Open an issue for a term, mapping, ontology submission, use case, or design pattern.
- Join or propose a working group.
- Participate in review and discussion.
For general NCOR information, visit the NCOR Network homepage.