The Open Group Open Trusted Technology Forum (OTTF) is pleased to announce that it is initiating a project to update the Open Trusted Technology Provider™ Standard (O-TTPS), a standard of The Open Group, Parts 1 and 2 to Version 2.0. The O-TTPS V2.0 Update Project will seek to update Parts 1 and 2 of the O-TTPS to reflect learnings from organizations that have successfully certified products against the standards as well as the work done by government organizations in the area of supply chain security.
About the Open Trusted Technology Forum (OTTF)
The OTTF was formed in response to the increased sophistication of cybersecurity attacks worldwide, increased loss of vendor intellectual property, and increased product vulnerability risks associated with the changing threat landscape. Since then, it has published the O-TTPS and developed the O-TTPS Certification Program and the Open CTTP Professional Certification.
The Open Trusted Technology Provider™ Standard (O-TTPS)
The O-TTPS is an open standard containing a set of organizational guidelines, requirements, and recommendations for integrators, providers, and component suppliers to enhance the security of the global supply chain and the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT). The O-TTPS, if properly adhered to, will mitigate the risk of maliciously tainted and counterfeit products throughout the COTS ICT product lifecycle encompassing the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal.
“The O-TTPS has been an integral part of Seagate Technology’s approach to product security, enabling us to mitigate risk in the product life cycle.” – Geoff Wilkerson, Product Security Engineer, Seagate Technology
Version 1.0 of the O-TTPS was initially released in April 2013. In July 2014, it was updated to V1.1 and later approved as ISO/IEC 20243:2015 in September 2015. In 2018, the O-TTPS was updated to O-TTPS Part 1: Requirements and Recommendations, Version 1.1.1 and O-TTPS Part 2: Assessment Procedures for the O-TTPS and ISO/IEC 20243-1:2018, Version 1.1.1.
Part 1 of the standard provides a set of guidelines, requirements, and recommendations that mitigates against maliciously tainted and counterfeit products throughout the COTS ICT product lifecycle. Part 2 of the standard provides assessment procedures that may be used to demonstrate conformance with the requirements provided in Chapter 4 of Part 1 of the standard.
The O-TTPS Certification Program
The OTTF has developed conformance requirements, assessment procedures, and a certification program so that organizations (OEMs, component suppliers, integrators, distributors, and value-added resellers) who conform to the standard can become certified as Open Trusted Technology Providers through the O-TTPS Certification Program, which was launched in February 2014.
Through the O-TTPS Certification program, customers and business partners can identify Certified Open Trusted Technology Providers because those certified for conformance to the standard appear on a public registry and are granted the use of the trademark logo. Identifying Open Trusted Technology Providers on a public registry acts as a business differentiator that not only benefits commercial customers and governments, who can choose only to work with integrators and OEMs who are certified, but also benefits integrators who can identify and choose to partner with certified OEMs. Finally, it benefits OEMs, who can identify and choose to work with certified component suppliers, distributors, or resellers.
The O-TTPS V2.0 Update Project
The O-TTPS V2.0 Update Project of the OTTF kick off on September 9 and subsequent meetings will identify general areas of the O-TTPS to be updated. The Forum will also work to finalize the Project Charter, establish relevant Working Groups within the OTTF to update the O-TTPS, and develop a general roadmap for project deliverables.
“Over the last 10 years, ICT providers have come a long way in both their recognition of supply chain threats and their approaches to Supply Chain Risk Management (SCRM). The Open Trusted Technology Framework and Standard should be updated with the latest best practices and the O-TTPS/ISO 20243 standard changed to reflect changes in the threat landscape with new practices and techniques for mitigating those risks.” – Andras R. Szakal, OTTF Chairperson; VP & CTO, Federal Government, IBM
After publishing the updated standard through The Open Group Standards Process, the O-TTPS Certification Program and other accompanying publications will be updated to reflect the updated standard.
The OTTF welcomes all current Silver Members of the OTTF and all Gold and Platinum Members of The Open Group to join the O-TTPS V2.0 Update Project. We invite you to contribute to this global standard to help enhance the security of the global supply chain and the integrity of COTS and ICT.
If you are interested in joining the O-TTPS Version 2.0 Update Project or have questions about it, contact OTTF Forum Director John Linford at j.linford@opengroup.org
