Open Trusted Technology Provider Standard: Difference between revisions

The Open Trusted Technology Provider[[Trademark symbol|™]] Standard (O-TTPS) (''Mitigating Maliciously Tainted and Counterfeit Products'') is a standard of [[The Open Group]] that has also been approved for publication as an [[Information technology|Information Technology]] standard by the [[International Organization for Standardization]] and the [[International Electrotechnical Commission]] through [[ISO/IEC JTC 1]] and is now also known as ISO/IEC 20243:2015.<ref>{{cite web|title=ISO/IEC 20243:2015|url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=67394|website=ISO.org|publisher=ISO.org|accessdate=24 September 2015}}</ref> The standard consists of a set of guidelines, requirements, and recommendations that align with [[best practice]]s for global [[supply chain security]] and the integrity of [[commercial off-the-shelf]] (COTS) [[information and communication technology]] (ICT) products.<ref>{{Cite journal|last=Bartol|first=Nadya|date=23 May 2016|title=Cyber supply chain security practices DNA – Filling in the puzzle using a diverse set of disciplines|url=http://www.sciencedirect.com/science/article/pii/S0166497214000066|journal=Technovation|doi=10.1016/j.technovation.2014.01.005|pmid=|access-date=23 May 2016|volume=34|pages=354–361}}</ref><ref>{{Cite book|title=Cybersecurity in Our Digital Lives|last=Whitman|first=Dave|publisher=Hudson Whitman Excelsior College Press|year=March 2015|isbn=978-0-9898451-4-4|editor-last=LeClair|editor-first=Jane|___location=|pages=|chapter=Cybersecurity in Supply Chains|editor-last2=Keeley|editor-first2=Gregory}}</ref> It is currently in version 1.1.<ref name=":0">{{cite web|url=https://www2.opengroup.org/ogsys/catalog/C147|title=Open Group's Publication Library|website=opengroup.org|publisher=The Open Group|accessdate=22 June 2015}}</ref><ref>{{Cite web|url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=67394|title=ISO/IEC 20243:2015 - Information Technology -- Open Trusted Technology ProviderTM Standard (O-TTPS) -- Mitigating maliciously tainted and counterfeit products|website=ISO|access-date=2016-05-23}}</ref> A Chinese translation has also been published.<ref>{{Cite web|url=https://www2.opengroup.org/ogsys/catalog/C147CH|title=Open Trusted Technology Provider Standard 1.1 (Chinese)|last=|first=|date=|website=Open Group Publications Library|publisher=The Open Group|access-date=6 June 2016}}</ref>

The Implementation Guide to Leveraging Open Trusted Technology Providers in the Supply Chain<ref>{{cite web|url=http://www.nist.gov/cyberframework/cybersecurity-framework-industry-resources.cfm|title=Implementation Guide to Leveraging Open Trusted Technology Providers in the Supply Chain|website=NIST.Gov cybersecurity industry resources|publisher=The Open Group|accessdate=24 September 2015}}</ref> provides mapping between The [[National Institute for Standards and Technology]] (NIST) Cybersecurity Framework<ref>{{cite web|url=http://www.nist.gov/cyberframework/|title=Cybersecurity Framework|website=NIST.Gov|publisher=NIST.Gov|accessdate=24 September 2015}}</ref> and related organizational practices listed in the O-TTPS. NIST referenced O-TTPS in their NIST Special Publication 800-161 "Supply Chain Risk Management Practices for Federal Information Systems and Organizations" that provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations.<ref>{{Cite web|url=http://dx.doi.org/10.6028/NIST.SP.800-161journal|title=Supply Chain Risk Management Practices for Federal Information Systems and Organizations|last=Boyens|first=Jon|date=|year=April 2015|website=|publisher=National Institute of Technology and Standards|page=|accessdoi=10.6028/NIST.SP.800-date=23 May 2016161}}</ref>