By Sally Long, The Open Group
Globalization has transformed the supply chain forever. While it has brought benefits to large Commercial Off-the-Shelf (COTS) Information and Communication Technology (ICT), it has also brought considerable risk. Although most technology hardware and software products today would not exist without global development, the increase in sophisticated cyberattacks has forced technology suppliers and governments to take a more comprehensive approach to risk management in order to protect supply chain integrity and security.
The Open Group Trusted Technology Forum (OTTF) was founded to help technology companies, customers, government and supplier organizations address the risks that tainted and counterfeit products pose to organizations, and the forum took a big step in that direction this week. On March 5, OTTF announced the release of a snapshot preview of the Open Trusted Technology Provider Standard (O-TTPS) that will help global providers and acquirers of COTS ICT products by providing them with best practices that aim to enhance the security of the global supply chain.
The purpose of the snapshot is to:
- Enable participants across the COTS ICT supply chain to understand the value in adopting best practice requirements and recommendations
- Provide an early look at the standard so providers, component suppliers and integrators can begin planning how to implement the standard within their organizations, and so customers, including government acquirers, can differentiate those providers who adopt the standard’s practices
- Preview the criteria for mitigating the risk of tainted or counterfeit technology products entering the supply chain
O-TTPS Version 1.0 will be published later this year. Many organizations have helped shape the initiative thus far, and we will continue to rely on the support and guidance of: Apex Assurance, atsec Information Security, Boeing, Booz Allen Hamilton, CA Technologies, Carnegie Mellon SEI, Cisco, EMC, Fraunhofer SIT, Hewlett-Packard, IBM, IDA, Juniper Networks, Kingdee, Lockheed Martin, Microsoft, MITRE, Motorola Solutions, NASA, Oracle, Office of the Under Secretary of Defense for Acquisition, Technology and Logistics (OUSD AT&L), SAIC, Tata Consultancy Services, and U.S. Department of Defense/CIO.
We anticipate that O-TTPS will have a significant impact on how organizations procure COTS ICT products over the next few years across the global supply chain and are interested in hearing your thoughts on the snapshot and the initial direction of the standard. We welcome any feedback in the comments section below, and if you would like to help further define this standard and the conformance criteria for accreditation, please contact Mike Hickey or Chris Parnell regarding membership.
Sally Long is the Director of Consortia Services at The Open Group. She was the Release Engineering Section Manager for all collaborative, multi-vendor development projects (OSF/1, DME, DCE, and Motif) at The Open Software Foundation (OSF) in Cambridge, Massachusetts. Following the merger of OSF and X/Open under The Open Group, Sally served as the Program Director for multiple Forums within The Open Group, including The Distributed Computing Environment (DCE) Forum, The Enterprise Management Forum, The Quality of Service (QoS) Task Force, The Real-time and Embedded Systems Forum and, most recently, the Open Trusted Technology Forum.