Open Trusted Technology Forum Member Meeting
Objective of Meeting
The Open Trusted Technology Forum member meeting predominantly focused on finding resolutions to Change Requests (CRs) submitted against the Conformance Requirements for the Trusted Technology Practitioner Profession (Open CTTP) and the Configuration Document for the Trusted Technology Practitioner Profession (Open CTTP). The meeting also sought to identify future projects that could attract new members and increase participation.
The meeting focused on several topics:
- Finding resolutions to CRs submitted against the two OTTF documents that recently came out of Company Review
- Identifying future directions of the Forum, such as increasing outreach efforts both to attract new certifications and to participate in government publications
- Identifying ways to encourage participation by current members, such as asking members for their comments on NIST or MITRE standards
- Updating the Open Trusted Technology Provider™ standard (O-TTPS) because it was published in November of 2015 and likely could use updates/changes to the best practices described within it
The Forum found resolutions to all CRs submitted against the Open CTTP Conformance Requirements and the Open CTTP Configuration Document. Consistent resolutions involved clarifying that O-TTPS: ISO/IEC 20243 is not the sole method acceptable for certification; many changes involved using language like “such as those described in”, “including”, and “such as”. The Forum Director will move both documents forward to the ballot stage.
The Forum also decided to create a new project focused on updating/revising O-TTPS as well as asking for comments from Forum members on SP800-171B.
After receiving comments from members, Forum Chair Andras Szakal and Forum Director John Linford will work to synthesize the feedback and submit it before the comment period closes.
John Linford will create a charter for the project to update/revise the O-TTPS.
Steve Borchert will put together a marketing outreach plan to be shared with the Forum.
- SP 800-171B (DRAFT): Protecting Controlled Unclassified Information in Non-federal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets