The Open Group published a draft version of the O-TTPS in March of this year (see Background section), which was opened up to the public for review and comment. The Monday and Tuesday sessions of this conference were devoted to resolving the Change Requests that were submitted during that feedback period.
Those recommendations will be submitted for consensus to the OTTF Steering Committee in the coming weeks.
Background
An overview of the OTTF Forum, its history, supply chain challenge, objectives, members, deliverables, milestones, and timelines can be found here.
The Open Trusted Technology Provider Standard (O-TTPS), released as a DRAFT (Snapshot), is an open standard for organizational commercial best practices that when properly adhered to enhances the security of the global supply chain and the integrity of Commercial Off-The-Shelf (COTS) Information Communication Technology (ICT) products. It provides a set of best practices that helps to assure specifically against tainted and counterfeit products throughout the COTS ICT product life cycle encompassing the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal. It is freely available from The Open Group bookstore.
Using the guidelines and best practices documented in the O-TTPF (Framework) as a basis, the OTTF will take a phased approach and stage the O-TTPS releases over time. This staging will consist of standards that focus on mitigating specific COTS ICT risks from emerging threats. As threats change or market needs evolve, the OTTF intends to update the O-TTPS by releasing addenda to address specific threats or market needs.
The O-TTPF (Framework), on which the Snapshot is based, is an evolving compendium of organizational guidelines and best practices relating to COTS ICT products, and the security of the supply chain throughout the entire product life cycle. A publically available early version of the Framework was released as a White Paper in February 2011.
Once the Change Requests have been resolved, they will be agreed by the OTTF Steering Committee and integrated into the next version, which will be submitted to The Open Group for review and approval by the membership, for publication as V1.0. The OTTF hopes to publish V1.0 of the Standard in Q1 of 2013.
The Forum members meet two to three times per week to progress this work.
If you are interested in joining the OTTF so that your organization can be part of the consensus process as it defines the Accreditation Program and refines the Snapshot to V1.0 of the Standard, then please contact Chris Parnell at c.parnell@opengroup.org.
