The Open Trusted Technology Forum (OTTF)
DEVELOPING OPEN STANDARDS AND CERTIFICATION PROGRAMS TO HELP ASSURE PRODUCT INTEGRITY AND GLOBAL SUPPLY CHAIN SECURITY
Our objective is to increase product integrity and supply chain security by developing open standards and certification programs that identify Open Trusted Technology Providers™ - so that industry can "Build with integrity, buy with confidence".
WHO WE ARE & WHAT WE DO
The Open Trusted Technology Forum provides a collaborative environment to facilitate creating international standards focused on supply chain security to establish a unified view of practicing supply chain risk management (SCRM) for information and communication technology (ICT) products. Through this public-private partnership, the OTTF has developed two preeminent international certification programs: The Open Trusted Technology Provider ™ Standard (O-TTPS) Certification Program and the Certified Trusted Technology Practitioner (Open CTTP) Professional Certification.
Private and public sector organizations increasingly rely on information and communication technology (ICT) solutions, which are produced globally, to run their operations. These systems need to be secure and to be kept free of major defects and vulnerabilities for customers to “trust” them. Equally, providers need to achieve “integrity” of their supply chains to help attest these systems do not ultimately compromise the security posture of their customers. Moreover, providers need to implement controls that strengthen the integrity of systems containing their intellectual property, thereby mitigating the risk of potential counterfeit components and the loss of intellectual property revenue.
The Open Trusted Technology Provider™ Standard (O-TTPS) Certification Program
The O-TTPS Certification Program enables organizations that conform to the standard to be certified as Open Trusted Technology Providers™.
The O-TTPS, a standard of The Open Group, provides a set of guidelines, recommendations and requirements that help assure against maliciously tainted and counterfeit products throughout commercial off-the-shelf (COTS) information and communication technology (ICT) product lifecycles.
The standard includes best practices throughout all phases of a product’s life cycle: design, sourcing, build, fulfillment, distribution, sustainment, and disposal, thus enhancing the integrity of COTS ICT products and the security of their global supply chains.
The O-TTPS differs from traditional cyber security standards in that it focuses on verification of the procedures used within the organization to maintain security and integrity of the supply chain, rather than on testing of individual products or systems. The certification program is one of the first of its kind in providing certification for conforming to standards for product integrity coupled with supply chain security.
O-TTPS Version 1.0 was initially released in April 2013. In July 2014, it was updated to V1.1; this was later approved as ISO/IEC 20243:2015 in September 2015. In 2018, the O-TTPS was updated to O-TTPS Part 1: Requirements and Recommendations, Version 1.1.1 and O-TTPS Part 2: Assessment Procedures for the O-TTPS and ISO/IEC 20243-1:2018, Version 1.1.1
Benefits of O-TTPS Certification
The O-TTPS Certification Program is open to all suppliers, providers, and integrators.
• Identification and mitigation of security risks throughout the development, sourcing, and maintenance of COTS ICT products
• Product and market differentiation
• Collaboration between Open Trusted Technology Providers™ and suppliers
Professional Certification for the Trusted Technology Practitioner
The Open Group Open Certified Trusted Technology Practitioner (Open CTTP) certification is an independent global certification for qualifying the skills, knowledge, and experience of Trusted Technology Practitioners.
The Practitioners support their organizations by enabling the application of effective Trusted Technology security practices, such as those described in the O-TTPS: ISO/IEC 20243. A Trusted Technology Practitioner advises ICT development or manufacturing teams on how to effectively mitigate technology supply chain risks, including maliciously tainted and counterfeit components.
The Open CTTP certification requires applicants to demonstrate skills and experience against a set of conformance requirements through written applications and peer interviews.