The Open Trusted Technology Provider™ Standard (O-TTPS) – Approved as ISO/IEC 20243:2015 and the O-TTPS Certification Program

By The Open Group

The increase of cybersecurity threats, along with the global nature of Information and Communication Technology (ICT), results in a threat landscape ripe for the introduction of tainted (e.g., malware-enabled or malware-capable) and counterfeit components into ICT products. This poses significant risk to customers in the operation of their business enterprises and our critical infrastructures.

A Shared Language for Supply Chain Security

In the world of technology, there are paradigms of language that arise organically and artificially over time. Necessity requires a shared mode of communication for ideas and as a result, descriptors, nouns, and technical designators are created and shared. The problem arises when certain words acquire a surfeit of meaning, so much so that they paradoxically become less meaningful. There are many examples of this but for our purposes, we’re going to look at “Supply Chain Security”.

Solorigate: A case study for why supply chain security is critical for governments and businesses

By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford Security and OTTF Forum Director) – The Open Group

In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.

After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.

Open Trusted Technology Provider™ Standard (O-TTPS) Version 2.0 Update Project

The Open Group Open Trusted Technology Forum (OTTF) is pleased to announce that it is initiating a project to update the Open Trusted Technology Provider™ Standard (O-TTPS), a standard of The Open Group, Parts 1 and 2 to Version 2.0.  The O-TTPS V2.0 Update Project will seek to update Parts 1 and 2 of the O-TTPS to reflect learnings from organizations that have successfully certified products against the standards as well as the work done by government organizations in the area of supply chain security.

The Open Group San Antonio 2020 – Event Highlights

The Open Group hosted its latest event at the Marriott Riverwalk in the lively city of San Antonio, Texas. On January 27 – 30, we welcomed attendees from across the globe – including decision-makers, Enterprise Architects, Data Scientists, engineers, technologists, and end-users representing many businesses and governments – to explore how organizations can utilize their growing volume of data effectively and securely as part of a digital transformation program.

Operational Resilience through Managing External Dependencies

These days, organizations are rarely self-contained. The challenge here is how to manage the dependencies your operations have on factors that are outside your control. The Open Group’s Dependency Modeling (O-DM) standard specifies how to construct a dependency model to manage risk and build trust over organizational dependencies between enterprises – and between operational divisions within a large organization.

When Was Your Last Enterprise Architecture Maturity Assessment

Every company should plan regular architecture capability maturity assessments using a model. These should provide a framework that represents the key components of a productive enterprise architecture process. A model provides an evolutionary way to improve the overall process that starts out in an ad hoc state, transforms into an immature process, and then finally becomes a well defined, disciplined, managed and mature process. The goal is to enhance the overall odds for success of the Enterprise Architecture by identifying weak areas and providing a defined path towards improvement. As the architecture matures, it should increase the benefits it offers the organization.

1 2