San Francisco, CA – September 1, 2015 – The Open Group today announced that its Open Trusted Technology Provider™ Standard – Mitigating Maliciously Tainted and Counterfeit Products (O-TTPS) – has been approved as an ISO/IEC International Standard (ISO/IEC 20243:2015).
The Open Trusted Technology Provider™ Standard (O-TTPS) is one of the first standards aimed at assuring both the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products and the security of their supply chains. It helps to safeguard the products and their global supply chains against the increasing sophistication of cybersecurity attacks.
The ISO/IEC standard will be published in the coming weeks. In advance of the ISO/IEC 20243 publication, The Open Group edition of the standard, technically identical to the ISO/IEC approved edition, is freely available here.
The standard defines a set of best practices for COTS ICT providers to use to mitigate the risk of maliciously tainted and counterfeit components from being incorporated into each phase of a product’s lifecycle. This encompasses design, sourcing, build, fulfillment, distribution, sustainment, and disposal. Ultimately, the standard helps to assure that the COTS ICT products installed and operated in business enterprises and critical infrastructure are more secure and less susceptible to cybersecurity threats.
Counterfeit products, or ones that have been maliciously tampered with, pose a significant threat to organizations and nations through the potential introduction of untracked malicious behavior. This can damage both customers and suppliers, resulting in failed or inferior products, revenue and brand equity loss, as well as disclosure of intellectual property. Governments and enterprises have begun to seek assurance that the products they use are secure, so providers of COTS ICT focus on protecting the integrity of products and services both in-house and as they move through global supply chains.
The Open Group has also developed an O-TTPS Accreditation Program to recognize Open Trusted Technology Providers who conform to the standard and adhere to best practices across their entire enterprise, within a specific product line or business unit, or within an individual product. Accreditation is applicable to all ICT providers in the chain: OEMS, integrators, hardware and software component suppliers, value-add distributors, and resellers.
While The Open Group assumes the role of the Accreditation Authority over the entire program, it also uses third-party assessors to assess conformance to the O-TTPS requirements. The Accreditation Program and the Assessment Procedures are publically available.
This ISO/IEC standard was submitted to the ISO/IEC JTC 1* by The Open Group, following the ISO/IEC JTC 1 process for Publicly Available Specifications (PAS). The Open Group is now considering submitting the O-TTPS Assessment Procedures to ISO/IEC JTC 1 for approval as a PAS submission.
Quotes
Andras Szakal, Vice President, Chief Technology Officer, IBM U.S. Federal IMT and Chair of The Open Group Trusted Technology Forum, said, “Secure by design is a key tenant of the IBM secure engineering process. The Open Trusted Technology Provider™ Standard and Accreditation Program helps guide and recognize trusted technology vendors like IBM that value secure by design best practices. IBM is a proud founding member of the OTTF and has successfully obtained O-TTPS accreditation for its Application Infrastructure and Middleware (AIM) software. O-TTPS ISO/IEC status now provides additional credibility to IBM’s accreditation as well as to all future accreditations that may be awarded to other industry suppliers.”
“The Open Group is pleased to have another of our standards accepted by ISO/IEC,” said Allen Brown, CEO and President of The Open Group. "With IT products now developed in a global supply chain, it’s vital that there are global standards in place to mitigate the potential threats to both nations and global organizations. We believe that international standards and accreditation programs like the O-TTPS will raise the product integrity and supply chain security bars and level the playing field for providers, component suppliers, integrators, and value-add resellers. Without these ISO/IEC standards, organizations would need to adhere to various regulations and assessment regimes, not only country by country but also at regional levels. We look forward to working with ISO/IEC to evolve the standard in a way that meets the needs of the ISO/IEC community and The Open Group members.”
-ENDS-
Resources
- For more information on The Open Group Trusted Technology Forum click here.
- To download the O-TTPS (Standard), which is freely available click here.
- For information on the O-TTPS Accreditation Program click here:
About The Open Group Trusted Technology Forum (OTTF)
The Open Group Trusted Technology Forum (OTTF) leads the development of a global supply chain security program in order to provide buyers of IT products with a choice of accredited technology partners (OEMs, component suppliers, integrators and distributors). The Open Trusted Technology Provider™ Standard (O-TTPS) identifies best practices for technology integrity and supply chain security. The O-TTPS Accreditation Program assures conformance to the standard, distinguishing Open Trusted Technology Providers, and fostering a secure and sustainable global supply chain. The OTTF provides a vendor-neutral environment where security, supply chain, and acquisition professionals can lead the development of industry best practices and accreditation programs, utilize The Open Group’s broad reach to build global recognition for them, and network with a world-class community of experts and peers to grow professionally. We welcome the participation of all who want to influence the direction of the OTTF.
Open Trusted Technology Provider is a trademark of The Open Group.
About The Open Group
The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality.
About ISO/IEC JTC 1
The joint technical committee of ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission), ISO/IEC JTC 1, Information Technology, is a consensus-based, voluntary international standards group that works as a highly productive collaboration between ISO and IEC. More than 3,700 experts from 34-P-member countries come together in JTC 1 to develop mutually beneficial standards that enhance global trade while protecting intellectual property.
Media Contact:
Holly Hunter
Hotwire PR
+44 207 608 4638
UKOpengroup@hotwirepr.com