Global Outreach and Acquisition (GOA)
The GOA work stream’s focus is to: “formulate and support … procurement strategies” that enable customers to buy with confidence. The OTTF promotes the fact that technology products are built today in a global ecosystem. The Global Outreach efforts seek to establish relationships with government and industry entities to ensure the OTTF results can and will be adaptable to global acquisition strategies.
The chairs of the Global Outreach (Dan Reddy, EMC) and Acquisition (Joanne Woytech, NASA) work stream presented their draft charter, strategy, and plans for progressing the global outreach efforts of the OTTF. The strategy and plan were very well received in terms of objectives and identifying target governments and agencies. The execution plan was well thought out with a few actions below for refinement.
The Global Outreach and Acquisition presentation can be found here.
- The general approach is well defined; the action is to define a set of explicit process steps so that outreach efforts can be carried out systematically and by various individuals, including The Open Group to maintain vendor-neutrality and process adherence.
- Member companies should indicate their interests in working with particular governments and government agencies.
- Since all outreach cannot be done face-to-face, the GOA will work with the marketing committee to develop a set of slides and messages to be used for outreach web conferences.
One of the chairs of the Standards Harmonization work stream (Karen Richter, IDA) presented the Standards Harmonization landscape via an extensive spreadsheet describing relevant international standards efforts including: abstracts, status, and where international standards map to the areas of the O-TTPF Best Practices, so that the OTTF can prioritize which standards initiatives they should liaise with to harmonize their work. The findings thus far indicate that there is no one standard in the industry that covers the breadth of the best practices covered by the O-TTPF, although there are some standards that map to individual elements of the best practices.
The Standards Harmonization Presentation can be found here.
The Standards Harmonization Landscape Spreadsheet can be found here.
- Next steps are to prioritize liaisons, determine the type of relationships we envision, and how we expect to harmonize the work for each of the prioritized standards efforts.
- Members will be providing information on the utilization of standards identified in the landscape (e.g., which ones are required in an acquisition document, which ones are required by a customer, etc.) – deadline for input is May 31st.
- Determine whether we can still submit comments to the NISTR to reflect the OTTF position.
The Chair of the OTTF Marketing Committee (Kim Gibbons, Cisco) provided a presentation that outlined the objectives of the Committee.
The Committee feels that the OTTF should continue to emphasize milestones and progress, such as: the O-TTPF White Paper released in Q1/11, the progress being made on defining best practice requirements, and their recent outreach efforts to global governments including: the US, where they met with House and Senate Committees, and the Department of Commerce, Japan, UK during the Roundtable event at the London Conference, our efforts with India, and in the future when we reach out to Canada, Brazil, and China.
The Committee stressed the importance of emphasizing membership growth from launch on December 15, and the importance of expanding to include all types of members: large, medium, and small providers, global governments, and large customers, which will all be part of the focus of this next quarter – for both the Global Outreach and Acquisition Work Stream and the Marketing Committee.
Members of the OTTF include: AtSec, Boeing, CA Technologies, Carnegie Mellon SEI, Cisco, EMC, Hewlett-Packard, IBM, IDA, Juniper Networks, Kingdee, Microsoft, MITRE, NASA, Oracle, OUSD (Acquisition, Logistics and Technology), SAIC, SAP, and US DoD/CIO.
The Marketing Committee presentation can be found here.
- The Marketing Committee needs additional resources from member companies; members should look to their marketing teams for input.
- The Committee stressed the importance of follow-up for outreach activities. The Marketing Committee will work with Global Outreach and Acquisition on managing follow-ups.
- The Committee plans to focus on steady delivery of OTTF messages, relevant blogging, press releases, and may develop a “calendar editorial” as a tool in this area.
The OTTF was formed in response to the increased sophistication and severity of cybersecurity attacks worldwide, and the possible incidence of vulnerabilities introduced by use of technology provided through the global supply chain. Governments and organizations buy products from companies they trust, but those companies usually do not directly manufacture all the components of their products.
Developing an accreditation program that ensures product integrity throughout the supply chain will alleviate these security concerns.#
The Open Group VP of Certification, James DeRaeve gave a presentation that highlighted The Open Group expertise and extensive use of proven deployed templates that allow for customization of different types of certification and accreditation programs. He emphasized that because of the skilled staff and tools, The Open Group can expeditiously create an accreditation program that is defined by the members to meet their specific needs.
The Accreditation presentation can be found here.
Open Trusted Technology Provider Framework (O-TTPF) Best Practices
The final session of the week was devoted to progressing the best practices in the O-TTPF. The group completed their work on Best Practices for Secure Development methods, and will move forward on the section on Supply Chain. The section on Supply Chain Best Practices is to be reviewed, revised, and agreed by the members within the next few weeks.
The DRAFT – May 11 version of the Open Trusted Technology Provider Framework (O-TTPF) Best Practices can be found here.