Global technology supply chain security standard released
The Open Group published of the Open Trusted Technology Provider Standard (O-TTPS), the first complete standard published by The Open Group Trusted Technology Forum (OTTF) and which will benefit global providers and acquirers of Commercial Off-the-Shelf (COTS) Information and Communication Technology (ICT) products.
This open standard is the first of its kind to help organizations achieve Trusted Technology Provider status, assuring the integrity of COTS ICT products worldwide and safeguarding the global supply chain against the increased sophistication of Cybersecurity attacks.
Specifically intended to prevent maliciously tainted and counterfeit products from entering the supply chain, this first release of the O-TTPS codifies best practices across the entire COTS ICT product lifecycle, including the design, sourcing, build, fulfilment, distribution, sustainment, and disposal phases.
The O-TTPS will enable organizations to implement best practice requirements and allow all providers, component suppliers and integrators to obtain Trusted Technology Provider status. For customers, including government acquirers, O-TTPS can differentiate those providers who adopt the standard’s practices. Thus raising the bar globally by helping the technology industry and its customers to “Build with Integrity, Buy with Confidence.”
Tainted and counterfeit products pose significant risk to organizations because altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. Both product risks can damage customers and suppliers resulting in failed or inferior products, revenue and brand equity loss, and disclosure of intellectual property.
The increase in sophistication of cyber-attacks has forced technology suppliers and governments to take a more comprehensive approach to risk management as it applies to product integrity and supply chain security. Customers are now seeking assurances that their providers are following standards to mitigate the risks of tainted and counterfeit components, while providers of COTS ICT are focusing on protecting the integrity of their products and services as they move through the global supply chain.
The OTTF is now working to develop an accreditation program to help provide assurance that Trusted Technology Providers conform to the O-TTPS. The planned accreditation program is intended to mitigate maliciously tainted and counterfeit products by raising the assurance bar for component suppliers, technology providers, and integrators, who are part of and depend on the global supply chain. Using the guidelines and best practices documented in the O-TTPS as a basis, the OTTF will also release updated versions of the O-TTPS based on changes to the threat landscape.
David Lounsbury, CTO, The Open Group, said: “With the increasing sophistication of cyber-attacks worldwide, technology buyers at large enterprises and government agencies need guarantees the products they source come from trusted suppliers and that they meet set criteria for securing their supply chains. By codifying best of breed best practices already used by industry, the O-TTPS will have a significant impact on the future procurement of COTS ICT products, as well as the security and integrity of the global supply chain.”o risk management as it applies to product integrity and supply chain security. Customers are now seeking assurances that their providers are following standards to mitigate the risks of tainted and counterfeit components, while providers of COTS ICT are focusing on protecting the integrity of their products and services as they move through the global supply chain.