In the early morning and after lunch, the Forum met with two different potential members who had heard of the OTTF via a solicitation to provide comments on the Snapshot – the goal was to provide them some face-to-face time with the members so they could better understand the value of the Forum and the potential of the planned accreditation program. Very good discussion resulted during the session and afterwards.
The rest of the day was spent brainstorming on how we might effectively meet our objective for the Accreditation Program: to raise the bar for all companies while maintaining confidence in the program, yet still making it reasonable not only for very mature companies that have been around for a long time and have had time to establish widespread best practices, but also, in particular, for those companies that are smaller or are new to the industry.
The rest of the afternoon was spent identifying process improvement points: homework, parallel and/or serial processing, group analysis versus document review – different solutions appropriate according to the needs of the project, identifying and training on existing tools on Plato, utilizing project management tools to effectively manage all of the multiple streams, actions and work items we have underway.
Background
The Forum released the Open Trusted Technology Provider Standard (O-TTPS) Snapshot in March of this year and it can be downloaded free-of-charge from The Open Group bookstore by clicking on the link above.
The O-TTPS Snapshot is a draft – a snapshot in time – of what is intended to become an open standard for organizational commercial best practices that, when properly adhered to, will enhance the security of the global supply chain and the integrity of Commercial Off-The-Shelf (COTS) Information Communication Technology (ICT) products. It will provide a set of best practice requirements and recommendations that help assure specifically against tainted and counterfeit products throughout the COTS ICT product life cycle, encompassing the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal.
Using the guidelines and best practices documented in the O-TTPF (Framework) as a basis, the OTTF will take a phased approach and stage the O-TTPS releases over time. This staging will consist of standards that focus on mitigating specific COTS ICT risks from emerging threats. As threats change or market needs evolve, the OTTF intends to update the O-TTPS (Standard) by releasing addenda to address specific threats or market needs.
The Framework, on which the Snapshot is based, is an evolving compendium of organizational guidelines and best practices relating to COTS ICT products and the security of the supply chain throughout the entire product life cycle. A publicly available early version of the Framework was released as a White Paper in February 2011.
Continue evolving the standard, the evidence of conformance, the Pilot program, and the Accreditation Program Policy. The Forum members meet 2-3 times per week to progress this work. Once the Forum members have reached consensus on the definition of the Accreditation Program Policy and Assessment Process, it will be approved through The Open Group Review and Approval Process.
If you are interested in joining the OTTF so that your organization can be part of the consensus process as it defines the Accreditation Program and refines the Snapshot to Version 1.0 of the Standard, then please contact Chris Parnell at c.parnell@opengroup.org.