The O-TTPS Snapshot will be a draft – a snapshot in time - of what is intended to become an open standard for organizational commercial best practices that when properly adhered to will enhance the security of the global supply chain and the integrity of Commercial Off-The-Shelf (COTS) Information Communication Technology (ICT) products. It will provide a set of guidelines and best practice requirements and recommendations that help assure specifically against tainted and counterfeit products throughout the COTS ICT product life cycle, encompassing the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal.
Using the guidelines and best practices documented in the O-TTPF (Framework) as a basis, the OTTF will take a phased approach and stage the O-TTPS releases over time. This staging will consist of standards that focus on mitigating specific COTS ICT risks from emerging threats. As threats change or market needs evolve, the OTTF intends to update the O-TTPS (Standard) by releasing addenda to address specific threats or market needs.
The Framework, on which the Snapshot is based, is an evolving compendium of organizational guidelines and best practices relating to COTS ICT products, and the security of the supply chain throughout the entire product life cycle.
A publically available early version of the Framework was released as a White Paper in February 2011.
Submit the O-TTPS proposed Snapshot to The Open Group Snapshot Approval Process, with the goal of having the Snapshot approved for publication prior to the RSA Conference at the end of February, where there will be a panel on Trusted Technology with four members of The Open Group OTTF and a representative from NIST. The panelists are hoping to point to the Snapshot if it is approved and published by that time.