Wikipedia

Open Trusted Technology Provider Standard: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Danreddy (talk | contribs)
108 edits
Rescuing 2 sources and tagging 3 as dead.) #IABot (v2.0.9.5
 
(41 intermediate revisions by 19 users not shown)
Line 1:
<!-- How do I change the title of the entry itself to be ISO 20243:Open Trusted Technology Provider Standard EDIT BELOW THIS LINE -->
{{AFC submission|d|npov|u=Danreddy|ns=118|reviewer=Accents|reviewts=20150615214814|decliner=Accents|declinets=20150615214838|ts=20150511144244}} <!-- Do not remove this line! -->
The '''Open Trusted Technology Provider Standard''' (O-TTPS) (''Mitigating Maliciously Tainted and Counterfeit Products'') is a standard of [[The Open Group]] that has also been approved for publication as an [[Information technology|Information Technology]] standard by the [[International Organization of Standardization]] and the [[International Electrotechnical Commission]] through [[ISO/IEC JTC 1]] and is now also known as ISO/IEC 20243:2015.<ref>{{cite web|title=ISO/IEC 20243:2015|url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=67394|website=ISO.org|access-date=24 September 2015}}</ref> The standard consists of a set of guidelines, requirements, and recommendations that align with [[best practice]]s for global [[supply chain security]] and the integrity of [[commercial off-the-shelf]] (COTS) [[information and communication technology]] (ICT) products.<ref>{{Cite journal|last=Bartol|first=Nadya|date=23 May 2016|title=Cyber supply chain security practices DNA – Filling in the puzzle using a diverse set of disciplines|journal=Technovation|doi=10.1016/j.technovation.2014.01.005|volume=34|issue=7|pages=354–361}}</ref><ref>{{Cite book|title=Cybersecurity in Our Digital Lives|last=Whitman|first=Dave|publisher=Hudson Whitman Excelsior College Press|date=March 2015|isbn=978-0-9898451-4-4|editor-last=LeClair|editor-first=Jane|chapter=Cybersecurity in Supply Chains|editor-last2=Keeley|editor-first2=Gregory}}</ref> It is currently in version 1.1.<ref name=":0">{{cite web|url=https://www2.opengroup.org/ogsys/catalog/C147|title=Open Group's Publication Library|website=opengroup.org|publisher=The Open Group|access-date=22 June 2015}}</ref><ref>{{Cite web|url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=67394|title=ISO/IEC 20243:2015 - Information Technology -- Open Trusted Technology ProviderTM Standard (O-TTPS) -- Mitigating maliciously tainted and counterfeit products|website=ISO|access-date=2016-05-23}}</ref> A Chinese translation has also been published.<ref>{{Cite web|url=https://www2.opengroup.org/ogsys/catalog/C147CH|title=Open Trusted Technology Provider Standard 1.1 (Chinese)|website=Open Group Publications Library|publisher=The Open Group|access-date=6 June 2016}}</ref>
{{AFC submission|d|nn|u=Danreddy|ns=2|decliner=Onel5969|declinets=20150305154805|small=yes|ts=20150302132508}} <!-- Do not remove this line! -->
 
{{AFC comment|1=All inline links must be removed, please, and turned into references if appropriate, Wikilinks, or external links in a section so named. See [[Wikipedia:External links]] [[User:Timtrent|<span style="color:#800">Fiddle</span>]] [[User talk:Timtrent|<span style="color:#070">Faddle</span>]] 15:00, 11 May 2015 (UTC)}}
 
{{AFC comment|1=In addition, this article does not have an NPOV, and has several formatting issues. [[User:Onel5969|Onel5969]] ([[User talk:Onel5969|talk]]) 15:48, 5 March 2015 (UTC)}}
 
----
 
<!-- EDIT BELOW THIS LINE -->
Open Trusted Technology Provider™ Standard (O-TTPS) (''Mitigating Maliciously Tainted and Counterfeit Products'') is a standard of [[The Open Group]], that has also been approved for publication as a standard of the [[International Organization for Standardization]] and the [[International Electrotechnical Commission]] through [[ISO/IEC JTC 1]] and is now also known as ISO/IEC 20243 <ref>{{cite web|title=ISO/IEC 20243:2015|url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=67394|website=ISO.org|publisher=ISO.org|accessdate=24 September 2015}}</ref>. It consists of a set of guidelines, requirements, and recommendations that align with [[best practice]]s for the security of the global supply chain and the integrity of [[commercial off-the-shelf]] (COTS) [[information and communication technology]] (ICT) products. This standard was built by technology industry and consumer members of [[The_Open_Group| The Open Group's Trusted Technology Forum]] (OTTF)<ref>{{cite web|title=Open Group Trusted Technology Forum|url=http://opengroup.org/subjectareas/trusted-technology|website=opengroup.org|publisher=The Open Group|accessdate=11 May 2015}}</ref>.
 
The standard focuses on organizational practices that, according to The Open Group, may, when properly adhered to, provide assurance against maliciously tainted and counterfeit products throughout the COTS ICT product life cycle. The life cycle described in the standard encompasses the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal. The current version of standard may be downloaded from the Open Group's publication library<ref>{{cite web|title=Open Group's Publication Library|url=https://www2.opengroup.org/ogsys/catalog/C147|website=opengroup.org|publisher=The Open Group|accessdate=22 June 2015}}</ref>
or purchased from ISO/IEC.<ref>{{cite web|title=ISO/IEC 20243|url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=67394|website=ISO.org|publisher=ISO.org|accessdate=24 September 2015}}</ref>. A Chinese translation has been published and is also available through The Open Group.
 
== Background ==
The O-TTPS was writtendeveloped in response to a changing landscape and the increased sophistication of cybersecurity attacks worldwide, as well as increased risks for product vulnerability across the supply chain due to the changing threat landscape.<ref name="United States House of Representatives Commerce and Energy Committee">{{cite web|title=IT Supply Chain Security: Review of Government and Industry Efforts|url=http://energycommerce.house.gov/hearing/it-supply-chain-security-review-government-and-industry-efforts|publisher=US House of Representatives|archivedateaccess-date=2015-03-27 March 2012|archive-date=2014-12-08|archive-url=https://web.archive.org/web/20141208053201/https://energycommerce.house.gov/hearing/it-supply-chain-security-review-government-and-industry-efforts|url-status=dead}}</ref> The intent is to help providers build products with integrity and to enable their customers to have more confidence in the technology products they buy.<ref>{{cite web|author1=Messmer, Ellen|title=Defense Department wants secure, global high-tech supply chain|url=httphttps://www.networkworld.com/article/2196759716997/malware-cybercrime/-defense-department-wants-secure--global-high-tech-supply-chain.html|website=networkworld.com[[Network World]]|publisher=IDG (International Data Group)|accessdateaccess-date=30 March 2015|archivedate=15 December 2010}}</ref> Private and public sector organizations rely largely on COTS ICT products to run their operations. These products are often produced globally, with processes like design, development and manufacturing taking place inat different locationssites acrossin themultiple globecountries.<ref>{{cite news|last1=Lennon|first1=Mike|title=USCC Releases Report on Chinese Capabilities for Cyber Operations and Cyber Espionage|url=http://www.securityweek.com/uscc-commissioner-cyberattacks-getting-harder-chinas-leaders-claim-ignorance|accessdateaccess-date=25 January 2016|work=Security Week|issue=9 March 2012|publisher=Wired Business Media|date=9 March 2012}}</ref>With increasedThe securityO-TTPS threatsis worldwide, ICT providers needdesigned to showmitigate thatthe theirrisk productof organizationscounterfeit canand acttainted to reduce defectscomponents and vulnerabilitiesto inhelp theirassure productsproduct whileintegrity ensuring the security of theirand supply chainschain andsecurity reducingthroughout the risklifecycle of counterfeitthe and tainted productsproduct. <ref>{{cite web|title=Cybersecurity: An Examination of the Communications Supply Chain (testimony before Committee on Energy and Commerce Subcommittee on Communications and Technology U.S. House of Representatives|url=http://www.itic.org/dotAsset/3/a/3a48cdde-f1e5-4080-9773-315bf14a5142.pdf|publisher=Information Technology Industry Council|accessdateaccess-date=24 September 2015}}</ref><ref>{{cite news|last1=Prince|first1=Brian|title=Consortium Pushes Security Standards for Technology Supply Chain|url=http://www.securityweek.com/consortium-pushes-security-standards-technology-supply-chain|accessdateaccess-date=25 January 2016|work=SecurityWeek|issue=March 5, 2012|publisher=Wired Business Media|date=5 March 2012}}</ref>
 
[[The Open Group| The Open Group's Trusted Technology Forum]] (OTTF) is a vendor-neutral international forum that uses a formal consensus based process for collaboration and decision making about the creation of standards and certification programs for information technology, including the O-TTPS.<ref>{{cite web|url=http://www.opengroup.org/getinvolved/becomeamember|title=Membership|publisher=opengroup.org}}</ref> In the forum, ICT providers, integrators and distributors work with organizations and governments to develop standards that specify secure engineering and manufacturing methods along with supply chain security practices.<ref>{{cite web|url=http://opengroup.org/subjectareas/trusted-technology|title=Open Group Trusted Technology Forum|website=opengroup.org|publisher=The Open Group|access-date=11 May 2015}}</ref>
The O-TTPS was written in response to the increased sophistication of cybersecurity attacks worldwide, as well as increased risks for product vulnerability across the supply chain due to the changing threat landscape.<ref name="United States House of Representatives Commerce and Energy Committee">{{cite web|title=IT Supply Chain Security: Review of Government and Industry Efforts|url=http://energycommerce.house.gov/hearing/it-supply-chain-security-review-government-and-industry-efforts|publisher=US House of Representatives|archivedate=27 March 2012}}</ref> The intent is to help providers build products with integrity and to enable their customers to have more confidence in the technology products they buy.<ref>{{cite web|author1=Messmer, Ellen|title=Defense Department wants secure, global high-tech supply chain|url=http://www.networkworld.com/article/2196759/malware-cybercrime/defense-department-wants-secure--global-high-tech-supply-chain.html|website=networkworld.com|publisher=IDG (International Data Group)|accessdate=30 March 2015|archivedate=15 December 2010}}</ref> Private and public sector organizations rely largely on COTS ICT products to run their operations. These products are often produced globally, with processes like design, development and manufacturing taking place in different locations across the globe.<ref>{{cite news|last1=Lennon|first1=Mike|title=USCC Releases Report on Chinese Capabilities for Cyber Operations and Cyber Espionage|url=http://www.securityweek.com/uscc-commissioner-cyberattacks-getting-harder-chinas-leaders-claim-ignorance|accessdate=25 January 2016|work=Security Week|issue=9 March 2012|publisher=Wired Business Media|date=9 March 2012}}</ref>With increased security threats worldwide, ICT providers need to show that their product organizations can act to reduce defects and vulnerabilities in their products while ensuring the security of their supply chains and reducing the risk of counterfeit and tainted products. <ref>{{cite web|title=Cybersecurity: An Examination of the Communications Supply Chain (testimony before Committee on Energy and Commerce Subcommittee on Communications and Technology U.S. House of Representatives|url=http://www.itic.org/dotAsset/3/a/3a48cdde-f1e5-4080-9773-315bf14a5142.pdf|publisher=Information Technology Industry Council|accessdate=24 September 2015}}</ref><ref>{{cite news|last1=Prince|first1=Brian|title=Consortium Pushes Security Standards for Technology Supply Chain|url=http://www.securityweek.com/consortium-pushes-security-standards-technology-supply-chain|accessdate=25 January 2016|work=SecurityWeek|issue=March 5, 2012|publisher=Wired Business Media|date=5 March 2012}}</ref>
 
The Implementation Guide to Leveraging Open Trusted Technology Providers in the Supply Chain<ref>{{cite web|url=https://www.nist.gov/cyberframework/cybersecurity-framework-industry-resources.cfm|title=Implementation Guide to Leveraging Open Trusted Technology Providers in the Supply Chain|website=NIST.Gov cybersecurity industry resources|publisher=The Open Group|access-date=24 September 2015}}</ref> provides mapping between The [[National Institute of Standards and Technology]] (NIST) Cybersecurity Framework<ref>{{cite web|url=https://www.nist.gov/cyberframework/|title=Cybersecurity Framework|website=NIST.Gov|date=12 November 2013 |access-date=24 September 2015}}</ref> and related organizational practices listed in the O-TTPS. NIST referenced O-TTPS in their NIST Special Publication 800-161 "Supply Chain Risk Management Practices for Federal Information Systems and Organizations" that provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations.<ref>{{Cite journal|title=Supply Chain Risk Management Practices for Federal Information Systems and Organizations|last=Boyens|first=Jon|date=April 2015|publisher=National Institute of Technology and Standards|doi=10.6028/NIST.SP.800-161|doi-access=free}}</ref>
The OTTF is managed like other forums in The Open Group using a formal consensus based process for building, publishing and managing its work. The OTTF aims to provide a vendor-neutral forum for technology and communications providers, integrators and distributors to work with customers and governments to develop standards that information technology providers can use to evaluate their engineering and manufacturing methods that enhance the security of global supply chains and the integrity of COTS ICT products. Membership in The Open Group is not required to download and use the O-TTPS or to seek compliance against the standard, but an organization must be a member of the OTTF to contribute to and vote on the work of the forum. <ref>{{cite web|title=Membership|url=http://www.opengroup.org/getinvolved/becomeamember|publisher=opengroup.org}}</ref>
 
== Purpose ==
The standard, developed by industry experts within the Forum, specifies organizational practices that provide assurance against maliciously tainted and counterfeit products throughout the COTS ICT product lifecycle.<ref>{{cite web|url=https://energycommerce.house.gov/sites/republicans.energycommerce.house.gov/files/Hearings/OI/20120327/HHRG-112-IF02-WState-LounsburyD-20120327.pdf|title=Executive Summary of The Open Group's testimony to the House Energy and Commerce Oversight and Investigations Subcommittee Hearing on IT Supply Chain Security: Review of Government and Industry Efforts|website=Energycommerce.house.gov|publisher=US Congress|access-date=6 June 2016}}</ref> The lifecycle described in the standard encompasses the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal.
 
== Measurement and AccreditationCertification ==
The OTTF is focused on increasing product integrity and security in global information technology supply chains.
AnOrganizations organization that wishes tocan be measuredcertified for their conformance to the requirements outlined in the O-TTPS can be assessed by recognized third-party assessorsstandard through the Open Group's Trusted Technology Provider Accreditation Program.<ref>{{cite web|title=RecognizedOpen AssessorGroup RegisterAccreditation Program|url=http://ottps-accred.opengroup.org/recognizedhome-assessorspublic|website=opengroup.org|publisher=The Open Group|accessdateaccess-date=1122 MayJune 2015}}</ref> Conformance to the standard is assessed by Recognized third party Assessors.<ref>{{cite web|title=OpenRecognized Group AccreditationAssessor ProgramRegister|url=http://ottps-accred.opengroup.org/homerecognized-publicassessors|website=Open Groupopengroup.org|publisher=The Open Group|accessdateaccess-date=2211 JuneMay 2015}}{{Dead link|date=August 2025 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> Once an organization has been been successfully assessed as conforming to the requirements in O-TTPSstandard then the organization is publicly listed in the Open Group's Accreditation Register.<ref>{{cite web|title=Open Group's Trusted Technology Register|url=http://ottps-accred.opengroup.org/accreditation-register|website=The Open Group|publisheraccess-date=The22 OpenJune Group2015|accessdatearchive-date=2217 JuneApril 2015|archive-url=https://web.archive.org/web/20150417113043/http://ottps-accred.opengroup.org/accreditation-register|url-status=dead}}</ref> The third party assessment process is governed by anthe Accreditation Policy and Assessment Procedures.<ref>{{cite web|title=Open Trusted Technology Provider Standard (O-TTPS) Accreditation Policy|url=http://ottps-accred.opengroup.org/sites/ottps-accred.opengroup.org/files/docs/O-TTPS_Accreditation_Policy_pdf/O-TTPS_Accreditation_Policy.pdf|website=opengroup.org|publisher=The Open Group|accessdateaccess-date=2225 JuneJanuary 20152016}}</ref>
<ref>{{cite web|last1=Szakal|first1=Andras|title=Enabling Providers to Raise the Bar on Security and Integrity|url=https://buildsecurityin.us-cert.gov/sites/default/files/Andras-Szakal-Enabling-Providers-to-Raise-the-Bar-on-Security-and-Integrity.pdf|website=buildsecurityin.us-cert.gov|publisher=US Dept. Of Homeland Security|accessdate=16 April 2015}}</ref>
 
The Forum supports the development and utilization of global standards, accreditation programs, procurement strategies and related activities to decrease the risk of tainted and counterfeit components and products.
<ref>{{cite web|title=Help technology providers and their customers to “Build with Integrity, Buy with Confidence"™|url=http://www.opengroup.org/content/trusted-technology-forum-build-integrity-buy-confidence|website=opengroup.org|publisher=The Open Group|accessdate=13 April 2015}}</ref>. The Forum has published an Implementation Guide to Leveraging Open Trusted Technology Providers in the Supply Chain<ref>{{cite web|title=Implementation Guide to Leveraging Open Trusted Technology Providers in the Supply Chain|url=http://www.nist.gov/cyberframework/cybersecurity-framework-industry-resources.cfm|website=NIST.Gov cybersecurity industry resources|publisher=The Open Group|accessdate=24 September 2015}}</ref> that The [[National Institute for Standards and Technology]] (NIST) lists as a cybersecurity industry resource. The document provides mapping between the NIST Cybersecurity Framework<ref>{{cite web|title=Cybersecurity Framework|url=http://www.nist.gov/cyberframework/|website=NIST.Gov|publisher=NIST.Gov|accessdate=24 September 2015}}</ref> and related organizational practices listed in the O-TTPS.
 
== Measurement and Accreditation ==
 
An organization that wishes to be measured for their conformance to the requirements outlined in the O-TTPS can be assessed by recognized third-party assessors through the Open Group's Trusted Technology Provider Accreditation Program.<ref>{{cite web|title=Recognized Assessor Register|url=http://ottps-accred.opengroup.org/recognized-assessors|website=opengroup.org|publisher=The Open Group|accessdate=11 May 2015}}</ref> <ref>{{cite web|title=Open Group Accreditation Program|url=http://ottps-accred.opengroup.org/home-public|website=Open Group|publisher=Open Group|accessdate=22 June 2015}}</ref> Once an organization has been been successfully assessed as conforming to the requirements in O-TTPS then the organization is publicly listed in the Open Group's Accreditation Register.<ref>{{cite web|title=Open Group's Trusted Technology Register|url=http://ottps-accred.opengroup.org/accreditation-register|website=The Open Group|publisher=The Open Group|accessdate=22 June 2015}}</ref>The assessment process is governed by an Accreditation Policy.<ref>{{cite web|url=http://ottps-accred.opengroup.org/docs/O-TTPS_Accreditation_Policy.pdf|website=opengroup.org|publisher=The Open Group|accessdate=22 June 2015}}</ref>
 
== History ==
The Openeffort Trustedto Technologybuild Forumthe wasstandard formally launchedbegan in DecemberJanuary 2010 aswith ana initiativemeeting withinorganized by The Open Group and including major industry representatives and the [[United States Department of Defense]] and [[NASA]]. The Open Trusted Technology Forum was formally launched in December 2010 to develop industry standards toand enhance the security of global supply chains and the integrity of COTS ICT products.<ref>{{cite web|title=The Open Group Announces Formation of Trusted Technology Forum to Identify Best Practices for Securing the Global Technology Supply Chain|url=http://www.opengroup.org/news/press/open-group-announces-formation-trusted-technology-forum-identify-best-practices-securing-|website=opengroup.org|publisher=Open Group|accessdateaccess-date=16 April 2015}}{{Dead link|date=August 2025 |bot=InternetArchiveBot |fix-attempted=yes }}</ref>
 
The first productpublication of the Forum was a whitepaper describing the overall Trusted Technology Framework published in 2010 by The Open Group.<ref>{{cite web|title=Open Trusted Technology Framework|url=https://www2.opengroup.org/ogsys/catalog/W113W157|title=Open Trusted Technology Framework|website=opengroup.org|publisher=The Open Group|accessdateaccess-date=April 13, 2015}}</ref> The whitepaper was broadly focused on overall best practices that good commercial organizations follow while building and delivering their COTS ICT products. That broad focus was narrowed during late 2010 and early 2011 to address the most prominent threats of counterfeit and maliciously tainted products resulting in the O-TTPS which focuses specifically on those threats.
The effort to build the standard began in January 2010 with a meeting organized by The Open Group and including major industry representatives and the US [[Defense Department]].
The Open Trusted Technology Forum was formally launched in December 2010 as an initiative within The Open Group to develop industry standards to enhance the security of global supply chains and the integrity of COTS ICT products.<ref>{{cite web|title=The Open Group Announces Formation of Trusted Technology Forum to Identify Best Practices for Securing the Global Technology Supply Chain|url=http://www.opengroup.org/news/press/open-group-announces-formation-trusted-technology-forum-identify-best-practices-securing-|website=opengroup.org|publisher=Open Group|accessdate=16 April 2015}}</ref>
 
The first product of the Forum was a whitepaper describing the overall Trusted Technology Framework published in 2010 by The Open Group.<ref>{{cite web|title=Open Trusted Technology Framework|url=https://www2.opengroup.org/ogsys/catalog/W113|website=opengroup.org|publisher=The Open Group|accessdate=April 13, 2015}}</ref> The whitepaper was broadly focused on overall best practices that good commercial organizations follow while building and delivering their COTS ICT products. That broad focus was narrowed during late 2010 and early 2011 to address the most prominent threats of counterfeit and maliciously tainted products resulting in the O-TTPS which focuses specifically on those threats.
 
The first version of O-TTPS was published in April 2013.<ref>{{cite web|title=O-TTPS|url=https://www2.opengroup.org/ogsys/catalog/C139|website=opengroup.org|publisher=The Open Group|accessdate=11 May 2015}}</ref>Version 1.1 of the O-TTPS standard was published in July 2014.<ref>{{cite web|title=Open Group's Trusted Technology Forum|url=http://www3.opengroup.org/getinvolved/forums/trusted|accessdate=April 6, 2015}}</ref>
 
The O-TTPS Accreditation Program began in February 2014, IBM was the first company to achieve accreditation.<ref>{{cite web|title=IBM Secure Engineering|url=http://www-03.ibm.com/security/secure-engineering/ibmottpsaccreditation.html|website=ibm.com|publisher=IBM Corp|accessdate=13 April 2015}}</ref>
 
The standard and accreditation program have been mentioned in testimony delivered to the US Congress regarding supply chain risk and cybersecurity.<ref>{{cite web|title=Energy Committee|url=http://energycommerce.house.gov/hearing/it-supply-chain-security-review-government-and-industry-efforts|website=http://energycommerce.house.gov|publisher=US House Energy Commerce Commitee|accessdate=13 April 2015}}</ref> <ref>{{cite web|title=US Senate Commerce Science & Transportation|url=http://www.commerce.senate.gov/public/index.cfm?p=Hearings&ContentRecord_id=481f9135-40ea-4c0c-8db3-055e4a0c7e51&Statement_id=b6a63a73-d658-46b0-9130-79da01dc73c1&ContentType_id=14f995b9-dfa5-407a-9d35-56cc7152a7ed&Group_id=b06c39af-e033-4cba-9221-de668ca1978a&MonthDisplay=7&YearDisplay=2013|website=http://www.commerce.senate.gov|publisher=US Senate|accessdate=13 April 2015}}</ref>
 
==See Also==
[[Supply chain security]]
 
[[Counterfeit electronic components]]
 
[[International Organization for Standardization]]
 
[[Commercial off-the-shelf]]
 
[[Information and communications technology]]
 
==External Links==
http://csrc.nist.gov/scrm/references.html
 
http://www.afcea.org/committees/cyber/documents/Supplychain.pdf
 
The first version of O-TTPS was published in April 2013.<ref>{{cite web|title=O-TTPS|url=https://www2.opengroup.org/ogsys/catalog/C139|website=opengroup.org|publisher=The Open Group|accessdateaccess-date=11 May 2015}}</ref> Version 1.1 of the O-TTPS standard was published in July 2014.<ref>{{cite web|titlename=Open":0" Group's/> TrustedThis Technologyversion Forum|url=http:was approved by ISO//www3.opengroup.org/getinvolved/forums/trusted|accessdate=AprilIEC 6,in 2015}}< as ISO/ref>IEC 20243:2015.
http://www.networkworld.com/article/2196759/malware-cybercrime/defense-department-wants-secure--global-high-tech-supply-chain.html
 
The O-TTPS Accreditation Program began in February 2014,. [[IBM]] was the first company to achieve accreditation for conformance to the standard.<ref>{{cite web|title=IBM Secure Engineering|url=http://www-03.ibm.com/security/secure-engineering/ibmottpsaccreditation.html|archive-url=https://web.archive.org/web/20150411025751/http://www-03.ibm.com/security/secure-engineering/ibmottpsaccreditation.html|url-status=dead|archive-date=April 11, 2015|website=ibm.com|publisher=IBM Corp|accessdateaccess-date=13 April 2015}}</ref>
http://www.computerworlduk.com/news/security/3343185/the-open-group-previews-o-ttps-security-standard-for-supply-chains/
 
The standard and accreditation program have been mentioned in testimony delivered to the US Congress regarding supply chain risk and cybersecurity.<ref>{{cite web|title=Energy and Commerce Committee, United States House of Representatives|url=http://energycommerce.house.gov/hearing/it-supply-chain-security-review-government-and-industry-efforts|publisher=United States House Energy and Commerce Committee|access-date=13 April 2015}}{{Dead link|date=August 2025 |bot=InternetArchiveBot |fix-attempted=yes }}</ref><ref>{{cite web|title=US Senate Commerce Science & Transportation|url=http://www.commerce.senate.gov/public/?a=Files.Serve&File_id=EC6AF856-95AA-449C-8BF1-A763C9B9B3CF|publisher=US Senate|access-date=13 April 2015}}</ref> The [[National Defense Authorization Act for Fiscal Year 2016]] Section 888 (Standards For Procurement Of Secure Information Technology And Cyber Security Systems) requires that the [[United States Secretary of Defense]] conduct an assessment of O-TTPS or similar public, open technology standards and report to the [[United States Senate Committee on Armed Services|Committees on Armed Services]] of the [[United States Senate|US Senate]] and the [[United States House of Representatives|US House of Representatives]] within a year.<ref>{{Cite web|url=https://www.govtrack.us/congress/bills/114/s1356|title=National Defense Authorization Act for Fiscal Year 2016 (S. 1356)|website=GovTrack.us|access-date=2016-05-23}}</ref>
http://www.opengroup.org/subjectareas/trusted-technology
 
==See Alsoalso==
http://www.infoworld.com/article/2613780/supply-chain-management/supply-chain-2013--stop-playing-whack-a-mole-with-security-threats.html
* [[Supply chain security]]
* [[Counterfeit electronic components]]
* [[International Organization for Standardization]]
* [[Commercial off-the-shelf]]
* [[Information and communications technology]]
 
== References ==
http://washingtontechnology.com/microsites/2012/sewp-2012/04-program-office-takes-leadership-role.aspx
{{Reflist}}
 
==External Linkslinks==
http://www.dhs.gov/news/2011/01/06/securing-global-supply-chain
*http://csrc.nist.gov/scrm/references.html
*http://www.afcea.org/committees/cyber/documents/Supplychain.pdf
http*https://www.networkworld.com/article/2196759716997/malware-cybercrime/-defense-department-wants-secure--global-high-tech-supply-chain.html
*http://www.computerworlduk.com/news/security/3343185/the-open-group-previews-o-ttps-security-standard-for-supply-chains/
*http://www.opengroup.org/subjectareas/trusted-technology
*http://www.infoworld.com/article/2613780/supply-chain-management/supply-chain-2013--stop-playing-whack-a-mole-with-security-threats.html
*http://washingtontechnology.com/microsites/2012/sewp-2012/04-program-office-takes-leadership-role.aspx
http*https://www.dhs.gov/news/2011/01/06/securing-global-supply-chain
*http://blogs.ca.com/2013/04/12/the-launch-of-the-open-trusted-technology-provider-standard/?intcmp=searchresultclick&resultnum=1
 
{{Open Group standards}}
http://blogs.ca.com/2013/04/12/the-launch-of-the-open-trusted-technology-provider-standard/?intcmp=searchresultclick&resultnum=1
 
[[Category:Open Group standards]]
== References ==
Retrieved from "https://en.wikipedia.org/wiki/Open_Trusted_Technology_Provider_Standard"