Supply Chain Security
Washington, DC | July 25-27, 2022
Event Location
The Mayflower Hotel
1127 Connecticut Avenue, NW, Washington, DC, 20036
To reserve a room at our group rate of $225, please email your arrival and departure dates to:
Robert.Clark@themayflowerhotel.com
cc: events@opengroup.org
https://book.passkey.com/e/50335436
About the Event
July 25-26, 2022
Zero Trust Architecture
Zero Trust and Zero Trust Architecture (ZTA) represent a fundamental shift in security from implicit permissions to explicit permissions. This means organizations, whether public or private, are changing from allowing those inside a “secure” network to have access to assets whenever (implicit trust) to instead verifying the identity of those seeking access (explicit trust), allowing access only as needed by those who need it when they need it. This is a shift from a perimeter-centric approach to an asset-centric approach. Zero Trust brings security to the users, data & information, applications, APIs, devices, networks, cloud, etc. wherever they are – instead of forcing them onto a “secure” network.
How Zero Trust Architecture Can Help Secure Data
ZTA provides a way to secure data, a critical asset of the organization, allowing access only to those who need it.
- By treating data as an asset, a Zero Trust Architecture ensures the data can keep their integrity across their entire lifecycle.
- For organizations heavily relying upon data to make decisions, it is imperative that the data used keep their integrity and can be used by data scientists.
- By securing at the asset-level and utilizing secured zones as required, organizations can pursue business objectives while effectively managing risk and continue to operate while in a state of assumed breach.
- Organizations can maintain agility and compete in the Digital Age while remaining secure, operating in a world characterized by velocity, complexity, and disruption, with the goal of enabling better user experience through simplicity, speed, and ability to support scale.
Supply Chain Risk Management
As evidenced over the last couple of years, threats to supply chain integrity are a global problem that impacts users and consumers of information and communications technology (ICT). Solving this problem requires international adoption of best practices and standards by government and enterprise customers and large and small vendors who are all part of the supply chain.
NASA SEWP has worked with the Department of Defense, Private Industry and International Standards Groups for 20 years on Supply Chain Risk Management (SCRM) practices and standards, and the Government-Wide Acquisition Contracts (GWACs).
The NASA SEWP acquisition platform includes the Open Trusted Technology Provider (O-TTPS) ISO 20243 standard for "maliciously tainted and counterfeit products" that are consistent in purpose and intent with existing and emergent federal policy guidelines. There is a direct correlation between the ISO standard and the controls and practices advocated by NIST. The standard addresses some SCRM needs and can be leveraged by federal buyers to comply with recommended practices. The ISO standard can be applied throughout Government buying platforms utilizing articulated requirements. Learn about the Benefits of Being Certified as an Open Trusted Technology Provider (O-TTPS).
- Open Trusted Technology Provider Standard (O-TTPS)
Understand how O-TTPS helps assure product integrity and supply chain security so that industry can "Build with integrity, buy with confidence". Learn best practices in all phases of a product's life cycle (design, sourcing, build, fulfillment, distribution, sustainment, and disposal) to enhance the integrity of COTS ICT products and the security of their global supply chains.
- Join the O-TTPS Birds-of-a-Feather networking reception (Mon. evening) to discuss how to solve similar problems from different perspectives with like-minded individuals
The Open Trusted Technology Forum is responsible for maintaining and updating the Open Trusted Technology Provider™ Standard (O-TTPS), which is technically equivalent to ISO 20243. The O-TTPS differs from traditional cyber security standards in that it focuses on verification of the procedures used within the organization to maintain security and integrity of the supply chain, rather than on testing of individual products or systems. The certification program is one of the first of its kind in providing certification for conforming to standards for product integrity coupled with supply chain security.
Both private and public sector organizations increasingly rely on ICT solutions, which are produced globally, to run their operations. These systems need to be secure and to be kept free of major defects and vulnerabilities for customers to trust them. Equally, providers need to achieve integrity of their supply chains to help attest these systems do not ultimately compromise the security posture of their customers. Moreover, providers need to implement controls that strengthen the integrity of systems containing their intellectual property, thereby mitigating the risk of potential counterfeit components and the loss of intellectual property revenue.
Complimentary sessions (attend in-person or via LinkedIn Live):
- TOGAF® User Group (Tue. July 26, 2:00-5:30 pm)
- Data Science Workshop (Wed. July 27, 2:00-4:30 pm)
Agenda
07/25/2022
9:00 am - 9:15 am Welcome and Introductions
Steve Nunn
9:15 am - 9:25 am Zero Trust Architecture
What is Zero Trust, and What is the Security Forum’s ZTA Working Group
John Linford
9:25 am - 10:15 am Zero Trust Architecture
NIST Zero Trust Architecture Project
Murugiah Souppaya
10:15 am - 10:50 am Zero Trust Architecture
Zero Trust – Transforming Information Security for the Digital Era
Nikhil Kumar, Mark Simos
10:50 am - 11:15 am Break
11:15 am - 11:50 am Zero Trust Architecture
Promoting Zero Trust Conditional Access
Joseph Davis
11:50 am - 12:30 pm Zero Trust Architecture
How Zero Trust Enables More Effective Security Management
Jim Hietala
12:30 pm - 1:30 pm Lunch
1:30 pm - 2:10 pm Supply Chain Security
Actionable Supply Chain Security – Lessons from the Trenches!
Andras Szakal
2:10 pm - 2:50 pm Supply Chain Security
Open Trusted Technology Provider™ Standard and its Role in Supply Chain Security
John Linford, Geoff Wilkerson
2:50 pm - 3:30 pm Supply Chain Security
Supply Chain Security Solutions and Partnerships: MITRE’s System of Trust™
Robert Martin
3:30 pm - 4:00 pm Break
4:00 pm - 5:30 pm Portfolio of Digital Open Standards - Digital Practitioners Work Group
Sonia Gonzalez
5:30 pm - 7:00 pm Supply Chain Security
O-TTPS Birds-of-a-Feather with Open Trusted Technology Forum
5:30 pm - 7:00 pm Networking Reception
07/26/2022
9:00 am - 9:15 am Welcome and Introductions
Steve Nunn
9:15 am - 10:00 am Supply Chain Security
Supply Chain Risk Management: Past, Present and Future
Joanne Woytek
10:00 am - 10:45 am Supply Chain Security
Fit or Misfit – Results of ISO 20243 to NIST SCRM Guidance Crosstalk
Jon Johnson, Theresa Kinney
10:45 am - 11:15 am Break
11:15 am - 12:00 pm Supply Chain Security
Case Study: Using the IT4IT Reference Architecture to Get your Product Supply Chain Security Under Control
Lars Rossen
12:00 pm - 1:30 pm Lunch
1:30 pm - 5:30 pm TOGAF® User Group | TOGAF Standard 10th Edition
Steve Nunn, Jim Hietala, Tony Carrato, Sonia Gonzalez, Mark Bodman, Dan Warfield, Yannick Rudloff, Andrew Josey
5:30 pm - 7:00 pm Networking Reception
07/27/2022
8:30 am - 10:30 am Security Forum Meeting (members only)
John Linford
2:00 pm - 4:30 pm Data Science Workshop (complimentary)
Neeraj Madan, Maureen Norton
Event Fees
(includes lunch and giveaways)
2-Day Pass (Mon and Tue)
Member: $700
Government: $800
Non-Member: $1025
1-Day Pass (Mon or Tue)
Member: $400
Government: $550
Non-Member: $650
* Complimentary Sessions (in-person and via LinkedIn Live) include:
TOGAF User Group (Tue)
Data Science Workshop (Wed)