11:30-1:00: Progress Trusted Technology Accreditation Policy and Program and Evidence of Conformance
This member-meeting session was devoted to identifying the conformance criteria and the evidence of conformance that will be required of applicants who apply for accreditation under the planned O-TTPS Accreditation Program. The program will be open to all vendors and integrators, sub-component suppliers, providers, and integrators wishing to be accredited against all of the mandatory requirements in the O-TTPS Snapshot/Standard and who, if successful, will be accredited as Trusted Technology Providers in the global supply chain.
2:00-3:30: Trusted Technology – Global Outreach & Acquisition: Draft Strategy and Plan for Global Outreach (Dan Reddy, CISSP, CSSLP, Consultant Product Manager, EMC Product Security Office, RSA – The Security Division of EMC)
Dan presented the Strategy for Global Outreach, asserting that we need to capitalize on the momentum we have had with: the release of the O-TTPS Snapshot, the RSA panel on OTTF and Supply Chain Security, and testifying on behalf of The Open Group and the OTTF at a US Congress Subcommittee Hearing on Supply Chain Security, highlighting the fact that the OTTF is a viable government-industry solution for an industry standard and accreditation program to increase security in the global supply chain. Dan stressed the importance of reaching out to other governments around the world, because if the OTTF work is to be successful, it needs to be adopted globally. He also stressed that we need to be aware of the sensitivities of the Common Criteria as we reach out to other countries; toward that end, the OTTF will continue to work with the CC in an effort to harmonize and not duplicate approaches, and to look for ways of mutually recognizing each other’s work.
Dan Reddy’s presentation can be found here.
4:00-5:30: Trusted Technology – Standards Harmonization: Draft Strategy and Plan for Standards Harmonization (Don Davidson, Chief, Outreach, Science & Standards, Trusted Mission Systems & Networks – TMSN/ DoD-CIO)
Don Davidson provided an excellent presentation of the various activities in the supply chain space that the DoD is looking at favorably, of which OTTF was one. The charts he presented gave a comprehensive picture of the DoD’s efforts in supply chain, demarcating where the various initiatives fall on the cost/risk spectrum in terms of assuring against risks in high-assurance security products versus medium to high-assurance requirements in the COTS ICT world.
There was also discussion around what the next steps were to solicit feedback on the Snapshot and to gain support for the OTTF so that there is alignment rather than duplication of effort with other standards work. The action is to come up with a plan for vetting with the Steering Committee and then to implement it.
Don Davidson’s presentation can be found here.