Boston 2014: Proceedings - OTTF

Printer-friendly version

The Open Group Trusted Technology Forum (OTTF) Member Meeting

Objectives of the 3-Day Meeting

The objectives of the OTTF member meeting sessions were to:

  1. Review the OTTF Roadmap
  2. Review progress on Corrigenda/O-TTPS 1.1 Company Review
  3. Update status and discuss any concerns on the Publically Available Specification (PAS)
  4. Provide a progress report on the Chinese Translation of Version 1.1
  5. Complete the first round of input on our Printed Circuit Board (PCB) use-case application for the O-TTPS Assessment Procedures
  6. Reach consensus on recommendations (to be taken back to the Steering Committee) for any outstanding CRs for the Mapping Table: O-TTPS Assessment Procedures to Common Criteria (CC) Evaluation Procedures
  7. Provide an overview of the OTTF branding session that had been previously conducted.

Summary

OTTF Roadmap

The Roadmap, which is updated each quarter, was presented and milestones were discussed.

Corrigenda 1.1. Company Review

The Company Review for the O-TTPS Corrigenda to 1.0 was completed last quarter. A request for approval for the Corrigenda was to be considered by The Open Group Governing Board during their meeting at the Boston Conference on Thursday.

I am pleased to report that the O-TTPS Corrigenda to 1.0, which once applied to the standard results in a new Version 1.1, was approved by the Board. O-TTPS Version 1.1 will be available shortly from the Bookstore under the Trusted Technology section.

PAS Submission to ISO

There was also a request to The Open Group Governing Board to approve the submission of the O-TTPS Version 1.1 as a PAS submission to ISO/IEC JTC1.

I am pleased to report that The Open Group Governing Board approved that request. The Open Group Director of Standards will proceed with providing the submission request to ISO/IEC JTC1 for their consideration and approval.

Chinese Translation of O-TTPS 1.1

A Translation (Simplified Chinese) of the O-TTPS Version 1.1 is underway, and the Company Review for that is expected to begin in mid-August.

O-TTPS Assessment Procedures

A new version (1.1) of the Assessment Procedures is expected in Q4 of this year and will be published on the O-TTPS Accreditation website. This is to account for any changes resulting from the use-case scenarios that are being applied to the Assessment Procedures; for example, Printed Circuit Board (PCB) providers. These changes will be approved through the consensus process.

Over the course of the 3-day member meeting in Boston, the majority of the time was spent on looking at use-case scenarios as they applied to the Assessment Procedures. The objective was to look at each of the requirements to determine whether the requirement itself was equally applicable to the use-case and to determine whether the types of acceptable conformance evidence listed for that requirement in the Assessment Procedures were sufficient for the use-case and if not to suggest additional types of conformance evidence that would be more directly applicable.

Once we completed the PCB provider use-case, the group decided to repeat the same exercise for integrators, distributors or non-value add resellers, and value-add resellers. Through that exercise we discovered there was almost complete overlap between applicability of the requirements to integrators and value-add resellers, depending on the value add, and that the types of evidence as listed were sufficient for these use-cases. We also determined that for non-value-add resellers and distributors, most if not all of the product development and secure engineering-related requirements were not applicable, while several of the supply chain requirements were applicable.

These discussions were captured as change bars in the Assessment Procedures. We will evolve this output during the Framework Workstream calls and will address how the Accreditation Program could more effectively include these additional use-cases, which may include some adaptations to the ISCA Document as well. The Forum Director will also be discussing this with the VP of Certification.

O-TTPS to CC Mapping Table

The Forum has completed a near final mapping table of Common Criteria Evaluation Procedures to O-TTPS Assessment Procedures. The mapping table is intended to be an O-TTPS Accreditation Support Document to be used by O-TTPS Recognized Assessors during assessments. It applies only to the O-TTPS Accreditation Program and only for those cases where a Selected Representative Product, which is being assessed in the program, is already a Common Criteria (CC) Target of Evaluation (TOE) with a published Security Target. This table will assist O-TTPS Recognized Assessors in determining which O-TTPS assessment procedures can be met by certain relevant CC SARs if they are stated as claims in the published Security Target and have been evaluated.

There was a good deal of discussion during the sessions on finalizing a recommendation to one of the outstanding Change Requests for the Mapping Table. The group will be providing that recommendation to the Framework Workstream for reaching consensus and moving forward with a final ballot to the Steering Committee in the coming weeks.

The first version of the Mapping Table is expected to be published as an O-TTPS Accreditation Support Document on the O-TTPS Accreditation website in Q4 of this year.

Branding Exercise Update

The output of an OTTF branding session that was conducted previously was shared with the group. This led to good discussion on how we might crisp up our messages for targeted audiences and how we might change our website and our social media focus to help in the branding effort. There was discussion about when to continue the branding workshop, as the first session was completed for only one target constituent and there are several more to do.

Outputs

Outputs are described in the descriptions above.

Next Steps

  1. The Roadmap is updated every quarter to reflect any changes that have occurred in the deliverables or the timelines.
  2. Once the O-TTPS 1.1 receives final Executive Management approval to publish, The Open Group Editor, Cathy Fox will publish the new version in The Open Group Bookstore.
  3. Andrew Josey, our Director of Standards will proceed with providing the submission request to ISO/IEC JTC1 for their consideration and approval of O-TTPS as a PAS Submission.
  4. Once the O-TTPS 1.1 is published we will begin the Company Review Process for translation of a Simplified Chinese version of 1.1.
  5. The Assessment Procedure changes that resulted from this week's work at the conference will be circulated to the Framework Workstream for their review and this should include a push to get additional subject matter experts from within the member companies who are familiar with the use-cases (e.g., PCB developers/manufacturers, integrators, resellers).
  6. Once the Forum review on the O-TTPS-to-CC Mapping Table is complete, the OTTF will proceed with Executive review and request for approvals to publish the supporting document. This will likely be in the August timeframe.
  7. The Forum Director will talk to the VP of Marketing about continuing the branding sessions and will pass on some of the suggestions that came from the members about website navigation and will work with marketing on any updates.

Links

See above.