Open Trusted Technology Provider Standard

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Danreddy at 14:04, 26 February 2015.

[ENTRY HEAD] Trusted Technology Forum

[SECTION HEAD] Trusted Technology Forum

The Open Group Trusted Technology Forum (OTTF) is focused on increasing product integrity and security in global information technology supply chains. The OTTF develops standards for best practices that information technology providers can use as part of their engineering and manufacturing methods to enhance the security of global supply chains and the integrity of COTS ICT products.

The OTTF provides a vendor-neutral forum for technology and communications providers, integrators and distributors to work with customers and governments to offer input into the development of international standards and policy initiatives related to supply chain security and secure engineering practices. The OTTF works in alignment with other industry standards organizations and with governments to create consensus-driven open standards that can be adopted across the globe to secure technology supply chains.

[SECTION HEAD] Background

Private and public sector organizations rely largely on commercial-off-the-shelf (COTS) information and communication technology (ICT) products to run their operations. These products are often produced globally, with processes like design, development and manufacturing all taking place in different locations across the globe. With increased security threats worldwide, ICT providers need to reduce defects and vulnerabilities in their products’ life cycles. Providers must also ensure the integrity of their supply chains to reduce the risk of counterfeit and tainted products.

The OTTF was formed in response to the increased sophistication of cybersecurity attacks worldwide, as well as increased risks for product vulnerability across the supply chain due to the changing threat landscape. The intent is to help providers build products with integrity and to enable their customers to have more confidence in the products they buy.

[SECTION HEAD] History

In 2009, the U.S. Department of Defense (DoD) worked with The Open Group to establish the Acquisition Cybersecurity (ACS) Initiative, which evolved from requirements identified at a Cybersecurity Roundtable in 2008. The ACS was intended to help providers identify recommended processes and controls. These processes and controls contribute to the creation of trusted technologies and the establishment of trust in technology supply chains. ACS was founded by several major international technology (hardware and software) companies in partnership with government agencies.

Although the DoD was a catalyst for the exploratory work of the initiative, the OTTF Forum was independently launched in December 2010 as an initiative within The Open Group to develop industry standards to enhance the security of global supply chains and the integrity of COTS ICT products. The OTTF Forum is managed like other forums within The Open Group where members help shape open standards and certification programs. The Forum establishes voluntary consensus standards and certification programs through The Open Group Standards Process, consistent with the US Government’s Office of Management and Budget (OMB) Circular A-119.

[SECTION HEAD] Approach and Objectives

The OTTF supports the development and utilization of global standards, accreditation programs, procurement strategies and related activities that:

• Help technology providers and their customers to “Build with Integrity, Buy with Confidence”™
• Advance worldwide cybersecurity
• Support global innovation
• Mitigate the consequences of regulation
• Reduce risk and compliance costs
• Protect operational assets

[SECTION HEAD] Standards and Accreditation

The O-TTPS (Standard): The O-TTPS is an open standard containing a set of guidelines that, when properly adhered to, have been shown to enhance the security of the global supply chain and the integrity of COTS ICT products. It provides a set of guidelines, requirements, and recommendations that help assure against maliciously tainted and counterfeit products throughout the COTS ICT product life cycle, encompassing the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal. The first version was published in April 2013. Version 1.1 of the O-TTPS standard was published in July 2014.

In addition, the Standard is accompanied by the O-TTPS Accreditation Program (Program). This Program allows technology providers, hardware and software component suppliers, integrators and distributors to become accredited as an Open Trusted Technology Provider™ in conformance to the Standard. This program began in February 2014. The primary objective of the Program is to provide confidence to acquirers of COTS ICT that the risks associated with tainted and counterfeit products are addressed through conformance to the Standard. Demonstration of conformance through an independent, voluntary accreditation program provides formal recognition of a provider's conformance to the Standard.
Organizations do not have to be members of The Open Group to apply for accreditation; it is open to all, though members in the OTTF Forum are responsible for defining and evolving the standard and accreditation program through a formal consensus process.
