The Open Group provides a collaborative, open environment for technology companies, customers, government and supplier organizations to create and promote guidelines for manufacturing, sourcing, and integrating trusted, secure technologies. Our objective is to shape global procurement strategies and best practices to help reduce threats and vulnerabilities in the global supply chain.
Governments and enterprises that use global standards in their technology strategy and purchasing decisions can rely on a more comprehensive approach to risk management and product assurance when selecting commercial off-the-shelf technology products. Vendors and suppliers that adhere to these practices will be able to better protect the integrity of their products and services as they move through the global supply chain.
Leveraging its more than 20 years of experience in creating industry best practices, standards, certification and accreditation programs for global organizations in all verticals, The Open Group provides guidance and a vendor-neutral collaborative environment for The Open Group Trusted Technology Forum (OTTF) members to identify industry best practices and define a globally recognized program for providers who implement the best practices.
"In February 2016, Edna Conway - Chief Security Officer, Global Value Chain, Cisco Systems - was presented with the Outstanding Contribution Award by Steve Nunn, President and CEO of The Open Group, an international standards body working to establish open, vendor-neutral IT standards and certifications in a variety of subject areas critical to the enterprise. The award recognized Edna’s 5 years of service as Vice-Chair of The Open Group Trusted Technology Forum, and her contribution to Information Technology Security as an author of ISO/IEC 20243 (The Open Trusted Technology Provider Standard)."
The Open Trusted Technology Provider Standard – Mitigating Maliciously Tainted and Counterfeit Products (O-TTPS), Version 1.1 was recently approved as ISO/IEC 20243
The O-TTPS is an open standard for organizational commercial best practices that when properly adhered to enhances the security of global supply chains and the integrity of commercial off the shelf (COTS) information and communications technology (ICT) products. It is a process based standard and provides a set of best practices that help assure specifically against maliciously tainted and counterfeit products throughout the COTS ICT product life cycle encompassing the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal. It is available on the ISO site for a fee, but it is freely available on The Open Group site at: www.opengroup.org/bookstore/catalog/c147.htm
The O-TTPS Accreditation Program enables any organization that conforms to the standard to be accredited as an Open Trusted Technology Provider™ and is gaining uptake from large customers like NASA in their SEWP V procurement. This is a key enabler for differentiating organizations and ICT products to customers who are concerned about the security and trust of ICT and their global supply chains. The accreditation program is open to all ICT providers: OEMs, hardware and software component suppliers, integrators, Value-Add Resellers (VARs) and distributors. This not only gives customers the ability to identify and work with trusted/accredited IT business partners, but it also gives OEMs the capability to identify trusted/accredited component suppliers and distributors, they can partner with. More information about getting accredited can be found here: http://www.opengroup.org/accreditation/o-ttps
Guidelines for Implementers of the NIST Cybersecurity Framework (CSF): This Implementation Guide demonstrates how the Open Trusted Technology Provider™ Standard (O-TTPS), a standard of The Open Group, developed by The Open Group Trusted Technology Forum (OTTF), can address some of the supply chain best practices that may be relevant to the NIST Cybersecurity Framework (CSF). Download it free here: https://www2.opengroup.org/ogsys/catalog/G151
Open Trusted Technology Provider™ Standard (O-TTPS), Version 1.1 (Chinese Translation) https://www2.opengroup.org/ogsys/catalog/C147CH
Datasheet describing the work of the Open Group Trusted Technology Forum (OTTF): This 2-page overview can be downloaded here: https://www2.opengroup.org/ogsys/catalog/Q103