Announcement: OpenCASE framework reaches first milestone release - 2025.07

I’m very excited to announce the first milestone release of the OpenCASE framework!

What exactly does this mean? In plain English, it means that “what you see is what you get”. The Specification and other content on this site (and in the sorce repo) are now considered “stable” and will not be changed at all until the next milestone update, due in January 2026 (as per the FAQ).

In technical terms, it means that main branch from the source repository is now the published, “stable” version of the framework, and is considered “read only”. It will not recieve any further changes until the next milestone update. A new “development” branch has been created which is where suggested changes will be integrated into the framework for testing and feedback by the community. At the next scheduled milestone update, the development branch will be merged into main to create the next published version of the framework.

A massive thank you to everyone who provided feedback on the initial draft. I hope the community around OpenCASE will only continue to grow and attract more top tier contributions from the cybersecurity and small business communities.

Changes from the draft version

Only a few minor changes and additions have been incorporated into the framework since the initial draft was published:

• Addtional wording and clarifications made to Priority 1, Implementation Levels 2 & 3 regarding use of strong MFA.
• Documented list of datasets and associated business roles/teams added to completion criteria for Priority 5, Implementation Level 2.
• A simplified attestation badge format has been added to represtent full alignment with each Implementation Level.
• Version stamps added to attestation badges.
• A few typos and grammatical errors fixed.