The OTTF is developing conformance criteria and an accreditation program so that organizations (providers, component suppliers, and integrators) can become accredited as Trusted Technology Providers, for conforming to the O-TTPS. The O-TTPS has been released in DRAFT form as a Snapshot – please see Background below.
The Wednesday session was spent working on the conformance criteria, the accreditation package, and refining the assessment methodology. Significant progress was made in all areas.
The OTTF plans to submit the O-TTPS conformance criteria and accreditation policy to The Open Group Review and Approval Process in Q2 2013.
An overview of the OTTF Forum, its history, supply chain challenge, objectives, members, deliverables, milestones, and timelines can be found here.
The Forum released the Open Trusted Technology Provider Standard (O-TTPS) Snapshot in February of this year. It can be downloaded free-of-charge from The Open Group bookstore.
The O-TTPS Snapshot is a draft – a snapshot in time - of what is intended to become an open standard for organizational commercial best practices that when properly adhered to will enhance the security of the global supply chain and the integrity of Commercial Off The Shelf (COTS) Information Communication Technology (ICT) products. It will provide a set of best practice requirements and recommendations that help assure specifically against tainted and counterfeit products throughout the COTS ICT product life cycle, encompassing the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal.
Using the guidelines and best practices documented in the O-TTPF (Framework) as a basis, the OTTF will take a phased approach and stage the O-TTPS releases over time. This staging will consist of standards that focus on mitigating specific COTS ICT risks from emerging threats. As threats change or market needs evolve, the OTTF intends to update the O-TTPS by releasing addenda to address specific threats or market needs.
The O-TTPF (Framework), on which the Snapshot is based, is an evolving compendium of organizational guidelines and best practices relating to COTS ICT products, and the security of the supply chain throughout the entire product life cycle. A publically available early version of the Framework was released as a White Paper in February 2011.
Continue evolving conformance criteria, evidence of conformance, and the assessment methodology that will be used. The Forum members meet two to three times per week to progress this work.
If you are interested in joining the OTTF so that your organization can be part of the consensus process as it defines the Accreditation Program and refines the Snapshot to V1.0 of the Standard, then please contact Chris Parnell at firstname.lastname@example.org.