Huawei achieved accreditation after being assessed by a qualified and recognized independent assessor and was found to have demonstrated conformance to the best practices defined by the standard throughout the product life cycle of products within Huawei’s frequency division duplex (FDD) product line.
The O-TTPS, a standard of The Open Group, was developed to assure both the integrity of commercial off-the-shelf (COTS) information communication technology (ICT) products as well as the security of their supply chains. The O-TTPS, recognized by the International Standards Organization (ISO) as ISO/IEC 20243:2015 in 2015, offers a benchmark that providers and suppliers can use to identify and implement technology development and supply chain practices. These practices give the buyers and users of ICT products, as well as cyber security stakeholders, a basis on which to differentiate offerings among ICT providers.
The O-TTPS was developed by consensus in The Open Group Trusted Technology Forum (OTTF). OTTF is an industry-wide effort, where members like Huawei and other vendors identify best practices and processes. These processes contribute to the secure and trusted development, manufacturing, delivery, and ongoing operation of commercial products. The O-TTPS best practices and product assurance standards can be used to inform and establish objective, risk-informed acquisition and risk management processes.
“Protecting the integrity of ICT products and the security of the global ICT supply chain are among the most daunting of cyber security challenges,” said John Suffolk, Huawei’s Global Cyber Security and Privacy Officer.
“The development and use of risk-informed, industry and stakeholder-developed standards like the O-TTPS is an example of the kind of collaborative effort we need from the global community and individual organizations. Working together we can develop principles that reduce risk and provide an objective, transparent basis for trust.”
Jim Hietala, VP of Security at The Open Group, said, "The Open Group is pleased to see that the O-TTPS, also known as the ISO/IEC 0243:2015 standard, is being adopted globally and that major ICT providers like Huawei are looking at accreditation through the O-TTPS Accreditation Program as an indicator of conformance and as a market differentiator for procurement.
“Conformance by all providers to this standard for product integrity and supply chain security is critical in a global economy where ICT products and their components are developed, manufactured and distributed by providers throughout the world.”
As part of Huawei’s series of global cyber security white papers, Huawei recently highlighted the importance of organizations collaboratively and individually addressing the risks related to commercial off the shelf (COTS) products and global supply chains in its 2016 Cyber Security White Paper entitled, ‘The Global Cyber Security Challenge -- It is time for real progress in addressing supply chain risks’ (June 2016,http://www.huawei.com/en/news/2016/6/2016-Cyber-Security-White-Paper), which was designed to inform ongoing efforts, effective practices, and standards on how the global ICT industry can address supply chain security challenges.
The paper called for accelerated efforts by private organizations and governments to collaborate to address this common challenge.
The O-TTPS accreditation program is publically available here and the standard is available here.