As the complexity of the cyber attacks are increasing, there is a growing demand for proactive defense against them. CYBersecurity information EXchange (CYBEX) is playing a crucial role to implement proactive defense. CYBEX conveys organizations' sensitive information which demands proper access control management. However, previous works in this area do not consider access control for CYBEX. In this work, we tackle the access control problem in CYBEX. We model the attribute based access control in CYBEX with a semi-trusted sharing server. To achieve attribute based access control in CYBEX, our mechanism is developed based on the concepts of ciphertext policy attribute based encryption (CP-ABE) [1] and STIX [2]. The mechanism's workflow is as follows, at the beginning users claim their attributes from attribute authorities, then a key generation center generates decryption keys for users based on their attributes. For the sharing, organizations embed access control to their shared data. This is conducted by encrypting sensitive information such that only users with appropriate attributes can decrypt them. Security analysis, implementation and performance evaluation indicate the effectiveness and efficiency of the mechanism.