The first Request for Comments (RFC) for the Internet Engineering Task Force (IETF), a standards body, addressing indicators of compromise (IoCs), has been made public by the UK’s National Cyber Security Centre (NCSC). RFCs are reference documents that include organizational notes and technical specs for the internet’s technical underpinnings. After they mature to a certain point, RFCs can be compared to standards.
The NCSC worked with industry professionals, notably Ollie Whitehouse, who is currently the organization’s CTO, for three years before producing RFC9424. IoCs, or “observable artifacts associated with an attacker,” are intended to use it as a “informative reference,” according to NCSC senior internet standards researcher Andrew S.