“The modern supply chain depends upon a complex and interrelated network involving the movement of goods, services, funds and information across a wide range of global participants, making it vulnerable to increasingly sophisticated cyber attacks and an ever increasing range of breaches and disruptions,” said Andras Szakal, Vice President and Chief Technology Officer, IBM U.S. Federal. “Standards like O-TTPS are critical in helping to ensure the integrity and security of data and giving customers peace of mind.”
Defining conformance criteria for an internal pilot accreditation on the standard is currently underway. The next phase requires the standard to go through an approval process and once published, will likely move into an accreditation program for global rollout.
“With the rapid changes in computing infrastructure and growing security threats our industry is facing, EMC has, from the beginning of this initiative, invested in the Trusted Technology Forum’s work to develop a practical standard that builds assurance for our global supply chains,” said Dan Reddy, Senior Consulting Product Manager, Product Security Office, EMC. “Global providers and governments everywhere must work together to leverage this common means to assure customers that the technology products they buy maintain integrity and reduce the risk to the customer’s operational environments. This Standard is an important milestone in that journey.”
“As a leading contract vehicle for the purchase of IT products by the Federal Government, the NASA Solutions for Enterprise-Wide Procurement (SEWP) Office is excited and encouraged by the progress made by the OTTF in this industry led effort to define and standardize the trustworthiness of supply chain management,” said Joanne Woytek, NASA SEWP Program Manager.
“Part of the OTTF’s commitment is to both evolve the O-TTPS standard and to leverage existing standards,” said Conway. “Over time, the standard will flexibly change to meet new challenges and embrace new technology innovation."
Moreover, the OTTF is committed to liaising with other standards bodies such as ISO and The Common Criteria where applicable and point to those standards that exist as evidence of ICT product integrity. The OTTF anticipates that other standards initiatives will point to its standard as well. Ultimately, the goal is to allow the COTS ICT provider community to make a single investment in product and organizational integrity practices and have multiple standards initiatives recognize that investment while providing acquires of the technology with continued assurance.