The Open Group announced that Huawei Technologies Co., Ltd. has been accredited to the Open Trusted Technology Provider™ Standard – mitigating maliciously tainted and counterfeit products (O-TTPS).
The O-TTPS was developed and is maintained by The Open Group and in 2015 was submitted through the Publicly Available Specification (PAS) process to ISO/IEC where it was approved as ISO/IEC 20243:2015 with no changes. Therefore, because the two standards are technically equivalent, an organisation accredited through the O-TTPS Accreditation Programme can claim accreditation to the O-TTPS as well as to ISO/IEC 20243:2015.
The standard is one of the first standards aimed at assuring both the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products and the security of their supply chains. The standard helps safeguard the products and their global supply chains against the increasing sophistication of cybersecurity attacks.
The standard and the accreditation programme were developed in The Open Group Trusted Technology Provider Forum by consensus from a cross section of ICT stakeholders: customers, providers, including some of the most mature ICT providers in the industry, assessors, academics and others. A list of the participating members can be found on the Forum website here.
The Open Group O-TTPS Accreditation Programme recognises Open Trusted Technology Providers who are conformant to the standard by granting the use of The Open Trusted Technology Provider™ trademark and listing the organisation on a public registry.
Accreditation is applicable and available to all ICT providers in the chain: OEMS, integrators, hardware and software component suppliers, value-add resellers and distributors. Being able to identify accredited organisations on a public registry not only benefits commercial customers and governments who want to work with trusted technology partners, it also benefits COTS ICT providers, who can identify and choose to work with accredited component suppliers, distributors and value-added resellers that would also be listed on the registry – thus enabling a holistic approach, essential to raising the bar on security and integrity for all constituents in the supply chain.
When applying for accreditation, ICT providers choose their accreditation scope, which can be an individual product, product-line or business unit, or an entire organisation.
Huawei was assessed by a qualified and O-TTPS Recognised assessor company, atsec information security, and accredited by The Open Group for conforming to the best practices defined in the standard throughout the product life cycle of the FDD (Frequency Division Duplex) product line of its Wireless Network Business Unit.
“Huawei’s accreditation to the O-TTPS also known as ISO/IEC 20243:2015 is a great example of a global organisation working to help ensure the integrity of its COTS ICT products and the security of its supply chain.” said Steve Nunn, CEO and president, The Open Group.“ This Open Group approach to international standards and accreditation is paving the way for diminishing cybersecurity and supply chain risks globally, reducing trade barriers based on disparate requirements locally, and fostering trust and innovation in ICT products from providers around the world – products and providers upon which government, business, and critical infrastructure enterprises depend.”
“We’re pleased to announce our Open Group accreditation to ISO/IEC 20243:2015 and show our commitment to the integrity of our products and the security of our supply chains,” John Suffolk, Huawei’s global cyber security and privacy officer said. “Huawei is dedicated to ensuring our organisation is consistently following product integrity and supply chain security best practices defined by international standards like ISO/IEC 20243:2015 and we encourage other organisations to do the same, so that together we can begin to assure the security and integrity of all products and components, regardless of where they are developed, manufactured or distributed.”
Suffolk also said: “The development and use of risk-informed, industry and stakeholder-developed standards like the O-TTPS is an example of the kind of collaborative effort the global community – and individual organisations — can take to reach agreement on principles, laws, standards, best practices, norms of conduct, and protocols that can reduce risk and provide an objective, transparent basis for trust.”
The O-TTPS accreditation programme is publically available here and the standard is available here.
About The Open Group
The Open Group is an international vendor- and technology‐neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found atwww.opengroup.org.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.