The Open Trusted Technology Forum (OTTF)
DEVELOPING OPEN STANDARDS AND CERTIFICATION PROGRAMS TO HELP ASSURE PRODUCT INTEGRITY AND GLOBAL SUPPLY CHAIN SECURITY
Our objective is to increase product integrity and supply chain security by developing open standards and certification programs that identify Open Trusted Technology Providers™ - so that industry can "Build with integrity, buy with confidence".
WHO WE ARE & WHAT WE DO
The Open Trusted Technology Forum provides a collaborative environment to facilitate creating international standards focused on supply chain security to establish a unified view of practicing supply chain risk management (SCRM) for information and communication technology (ICT) products. Through this public-private partnership, the OTTF has developed two preeminent international certification programs: The Open Trusted Technology Provider ™ Standard (O-TTPS) Certification Program and the Certified Trusted Technology Practitioner (Open CTTP) Professional Certification.
Private and public sector organizations increasingly rely on information and communication technology (ICT) solutions, which are produced globally, to run their operations. These systems need to be secure and to be kept free of major defects and vulnerabilities for customers to trust them. Equally, providers need to achieve integrity of their supply chains to help attest these systems do not ultimately compromise the security posture of their customers. Moreover, providers need to implement controls that strengthen the integrity of systems containing their intellectual property, thereby mitigating the risk of potential counterfeit components and the loss of intellectual property revenue.
Vision & Mission
OTTF Global Outreach Efforts - Facilitating global adoption of trusted technology standards
Threats to supply chain integrity are a global problem that impacts users and consumers of information and communications technology. Solving this problem requires international adoption of best practices and standards by government and enterprise customers and large and small vendors who are all part of the supply chain, and who share a critical interest in:
- • Reducing risk and compliance costs
- • Protecting operational assets
- • Fostering innovation
The OTTF provides a venue through which technology and communications vendors, working with industry and customers, including government, can develop a unified voice to provide input into international standards and policy initiatives related to supply chain security and secure engineering practices. The OTTF works with other international standards organizations to ensure that this work is aligned where appropriate. It is also engaged in outreach activities to global governments to assure understanding of supply-chain issues and encourage adoption of the O-TTPS.
The OTTF provides a vendor-neutral environment where security, supply chain, acquisition, and test lab professionals can lead the development of industry standards and certification programs, utilize the broad reach of The Open Group to build global recognition for them, and network with a world-class community of experts and peers to grow professionally. Experts from both the customer and supply sides of industry, government, and academia are invited to join the OTTF, and existing Gold and Platinum Members of The Open Group are invited to participate in the OTTF.
Trusted Technology Provider Spotlight
Produced by NASA Solutions for Enterprise-Wide Procurement (SEWP), a Government-Wide Acquisition Contract (GWAC), this video explains the features and benefits of utilizing Contract Holders that have earned the O-TTPS Certification.
The Open Trusted Technology Provider™ Standard (O-TTPS) Certification Program
The Open Trusted Technology Provider™ Standard (O-TTPS) Certification Program
The O-TTPS Certification Program enables organizations that conform to the standard to be certified as Open Trusted Technology Providers™.
The O-TTPS, a standard of The Open Group, provides a set of guidelines, recommendations and requirements that help assure against maliciously tainted and counterfeit products throughout commercial off-the-shelf (COTS) information and communication technology (ICT) product lifecycles.
The standard includes best practices throughout all phases of a product’s life cycle: design, sourcing, build, fulfillment, distribution, sustainment, and disposal, thus enhancing the integrity of COTS ICT products and the security of their global supply chains.
The O-TTPS differs from traditional cyber security standards in that it focuses on verification of the procedures used within the organization to maintain security and integrity of the supply chain, rather than on testing of individual products or systems. The certification program is one of the first of its kind in providing certification for conforming to standards for product integrity coupled with supply chain security.
O-TTPS Version 1.0 was initially released in April 2013. In July 2014, it was updated to V1.1; this was later approved as ISO/IEC 20243:2015 in September 2015. In 2018, the O-TTPS was updated to O-TTPS Part 1: Requirements and Recommendations, Version 1.1.1 and O-TTPS Part 2: Assessment Procedures for the O-TTPS and ISO/IEC 20243-1:2018, Version 1.1.1
Benefits of O-TTPS Certification
The O-TTPS Certification Program is open to all suppliers, providers, and integrators.
• Identification and mitigation of security risks throughout the development, sourcing, and maintenance of COTS ICT products
• Product and market differentiation
• Collaboration between Open Trusted Technology Providers™ and suppliers
Professional Certification for the Trusted Technology Practitioner
The Open Group Open Certified Trusted Technology Practitioner (Open CTTP) certification is an independent global certification for qualifying the skills, knowledge, and experience of Trusted Technology Practitioners.
The Practitioners support their organizations by enabling the application of effective Trusted Technology security practices, such as those described in the O-TTPS: ISO/IEC 20243. A Trusted Technology Practitioner advises ICT development or manufacturing teams on how to effectively mitigate technology supply chain risks, including maliciously tainted and counterfeit components.
The Open CTTP certification requires applicants to demonstrate skills and experience against a set of conformance requirements through written applications and peer interviews.
Open Trusted Technology Provider™ Framework (O-TTPF)
Open Trusted Technology Provider™ Standard (O-TTPS) – Mitigating Maliciously Tainted and Counterfeit Products
• Part 1: Requirements and Recommendations, Version 1.1.1
• Part 2: Assessment Procedures for the O-TTPS and ISO/IEC 20243-1:2018, Version 1.1.1
• Mapping of the CC SARS to the O-TTPS Requirements
• O-TTPS Certification Program Data Sheet
Guides & Case Studies
• Implementation Guide to Leveraging Open Trusted Technology Providers in the Supply Chain
• A Management Guide – O-TTPS for ICT Product Integrity and Supply Chain Security
• IBM Case Study on The Open Group Accreditation as an Open Trusted Technology Provider™
Webinars and Podcasts
• Developing Standards that Secure the Global Supply Chain
• Securing Global IT Supply Chains and IT Products by Working with Open Trusted Technology Provider™ Accreditation
• New ISO Standard for ICT Providers to Mitigate the Risk of Maliciously Tainted and Counterfeit Products
• Exploring the Role and Impact of the Open Trusted Technology Provider™ Framework (O-TTF)
Get Involved and Gain Influence in Defining Open Standards and Certifications
Being a member of The Open Group gives organizations early access to the latest information and developments regarding open standards and best practices, and enables them to participate in The Open Group’s highly influential Forums and Work Groups. We provide a collaborative, vendor-neutral environment where member representatives can:
- • Network with a world-class community of peers, experts and industry leaders
- • Have early access to information on industry developments
- • Gain insight for future decisions from both major customers and suppliers of IT
- • Influence outcomes that benefit their organizations
- • Grow professionally, and enhance their credibility in the industry
- • Receive education in best practices