Open Group Trusted Technology Forum

Objective of Meeting

The objective of Tuesday’s sessions in The Open Group Trusted Technology Forum (OTTF) was to further the development of their Open Trusted Technology Provider Framework (O-TTPF).

For an overview of the OTTF, their objectives, and their work see the OTTF Spotlight presentation.

Summary

The entire session 13:30 – 17:00 was spent on scoping exercises for the O-TTPF as they refine the Standard and prepare to release Version 1.0, planned for Q1-Q2 of 2012.

What is The Open Group Trusted Technology Forum?

The Open Group Trusted Technology Forum (OTTF) is a Forum established to promote the adoption of best practices to improve the security and integrity of products as they move through the global supply chain. This includes all practices involved in the design, development, production, delivery, and sustainment of products and services associated with Commercial Off The Shelf (COTS) Information Technology (IT) components (hardware and software).

Organizations involved:

Apex Assurance, atsec information security, Boeing, CA Technologies, Carnegie Mellon SEI, Cisco, EMC, Fraunhofer SIT, Hewlett-Packard, IBM, IDA, Juniper Networks, Kingdee, Microsoft, MITRE, NASA, Oracle, OUSD (AT&L), SAIC, SAP, and US DoD/CIO

The purpose of the OTTF:

The Forum will provide a framework of best practices and related guidelines to help the technology and communications industries “build with integrity” by providing vendors, distributors, and integrators with commercially reasonable development, security, and supply chain practices intended to:

• Increase supply chain integrity of commercial products
• Identify procurement strategies to protect the consumer, thereby…
• Supporting global innovation and promoting global adoption, resulting in
• increased confidence in the products and services enabling business and government activities

The OTTF is addressing global supply chain integrity challenges by:

• Setting forth best practices to help reduce the risks that may be introduced from global supply chain providers
• Working with the global community to develop responsible and realistic procurement policies that mitigate the risks introduced from supply chain vulnerabilities for all governments and vertical industries
• Identifying manufacturing practices and checkpoints throughout the lifecycle that mitigate risk from uncontrolled, unprotected development methods and engineering procedures
• Working with global governments to understand their challenges and acquisition requirements in maintaining a safe and secure supply chain
• Aligning the O-TTPF Best Practices with these global requirements to help assure global adoption for a safe secure supply chain

Outputs

For a look at the O-TTPF White Paper, which is the basis of the O-TTPF Best Practices, please feel free to download it.

To contribute to the development of the O-TTPF Best Practices, please join the Forum as a member.  For more information, contact the Forum Director Sally Long s.long@opengroup.org.

Next Steps

The Forum will continue to meet to evolve the O-TTPF Standard for Supply Chain Best Practices.

Links

See above.