Securing Global Supply Chain

Monday, February 10, 2014 @ 10:02 AM gHale


Security from beginning to end is the goal for any manufacturer. Knowing the product the user is purchasing is secure from the beginning until they take ownership is vital and a new program that just launched is one more step along the way.

The Open Group launched the Open Trusted Technology Provider Standard (O-TTPS) Accreditation Program, one of the first accreditation programs aimed at assuring the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products worldwide and safeguarding the global supply chain against the increasing sophistication of cyber attacks.

RELATED STORIES
NIST to Update Role-Based Security Training
NIST Cybersecurity Framework: What it Means
NIST Seeks Smart Grid Comments
Preliminary Cybersecurity Framework Released

Tainted and counterfeit products pose significant risk to organizations because altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. Product risks can damage customers and suppliers resulting in failed or inferior products, revenue and brand equity loss, disclosure of intellectual property, and damage to critical infrastructure.

Intended to assure integrity in technology development, the accreditation program will ensure applicants conform to the O-TTPS standard.

Companies seeking O-TTPS Accreditation — which could be component suppliers, technology providers or integrators — can choose accreditation for conforming to the O-TTPS standard and adhering to the best practice requirements across the entire enterprise, within a specific product line or business unit or within one or more individual products.

Organizations applying to become O-TTPS accredited must provide evidence of conformance to each of the O-TTPS requirements, demonstrating they have the processes in place to secure their in-house development and their supply chains across the entire COTS ICT product lifecycle, including the design, sourcing, build, fulfillment, distribution, sustainment, and disposal phases.

O-TTPS accredited organizations will then be able to identify themselves as Open Trusted Technology Providers and will become part of a public registry of trusted providers who help ensure they “Build with Integrity” so their customers can “Buy with Confidence.”

“Secure by Design is a key tenant of the IBM secure engineering process. The Open Trusted Technology Provider Standard and Accreditation Program will help guide and recognize trusted technology vendors like IBM that value Secure by Design best practices,” said Andras Szakal, Vice President, Chief Technology Officer, IBM U.S. Federal IMT.

“Being able to identify accredited organizations not only benefits commercial customers and governments, it also benefits COTS ICT providers, who can identify and choose to work with accredited component suppliers – thus enabling a holistic approach that is essential to raising the bar for all constituents in the supply chain,” said Sally Long, Director, The Open Group Trusted Technology Forum.

The Open Group also unveiled its O-TTPS Recognized Assessor Program, which assures that Recognized Assessor (companies) meet certain criteria as a third party assessor organization and that their assessors (individuals) meet an additional set of criteria and have passed the O-TTPS Assessor exam, before they can get an assignment to an O-TTPS Assessment. The Open Group will operate this program, grant O-TTPS Recognized Assessor certificates and list those qualifying organizations on a public registry.

Click here for more information on becoming an accredited Open Trusted Technology Provider or an O-TTPS Recognized third-party assessor.



Leave a Reply

You must be logged in to post a comment.