Save the Dates! 

Monday, July 25   Zero Trust Architecture

How Zero Trust Architecture Can Help Secure Data

ZTA provides a way to secure data, a critical asset of the organization, allowing access only to those who need it.

• By treating data as an asset, a Zero Trust Architecture ensures the data can keep their integrity across their entire lifecycle.
• For organizations heavily relying upon data to make decisions, it is imperative that the data used keep their integrity and can be used by data scientists.
• By securing at the asset-level and utilizing secured zones as required, organizations can pursue business objectives while effectively managing risk and continue to operate while in a state of assumed breach.
• Organizations can maintain agility and complete in the Digital Age while remaining secure, operating in a world characterized by velocity, complexity, and disruption, with the goal of enabling better user experience through simplicity, speed, and ability to support scale.

Tuesday, July 26  Supply Chain Security

As evidenced over the last couple years, threats to supply chain integrity are a global problem that impacts users and consumers of information and communications (ICT) technology. Solving this problem requires international adoption of best practices and standards by government and enterprise customers and large and small vendors who are all part of the supply chain.

The Open Trusted Technology Forum is responsible for maintaining and updating the Open Trusted Technology Provider™ Standard (O-TTPS), which is technically equivalent to ISO 20243. The standard includes best practices throughout all phases of a product’s life cycle: design, sourcing, build, fulfillment, distribution, sustainment, and disposal, thus enhancing the integrity of COTS ICT products and the security of their global supply chains. The O-TTPS differs from traditional cyber security standards in that it focuses on verification of the procedures used within the organization to maintain security and integrity of the supply chain, rather than on testing of individual products or systems. The certification program is one of the first of its kind in providing certification for conforming to standards for product integrity coupled with supply chain security.

Both private and public sector organizations increasingly rely on ICT solutions, which are produced globally, to run their operations. These systems need to be secure and to be kept free of major defects and vulnerabilities for customers to trust them. Equally, providers need to achieve integrity of their supply chains to help attest these systems do not ultimately compromise the security posture of their customers. Moreover, providers need to implement controls that strengthen the integrity of systems containing their intellectual property, thereby mitigating the risk of potential counterfeit components and the loss of intellectual property revenue.

Open Trusted Technology Provider (O-TTPS)

NASA SEWP has worked with the Department of Defense, Private Industry and International Standards Groups for 20 years on Supply Chain Risk Management (SCRM) practices and standards, and the Government-Wide Acquisition Contracts (GWACs).

The NASA SEWP acquisition platform includes the Open Trusted Technology Provider (O-TTPS) ISO 20243 standard for "maliciously tainted and counterfeit products" that are consistent in purpose and intent with existing and emergent federal policy guidelines. There is a direct correlation between the ISO standard and the controls and practices advocated by NIST. The standard addresses some SCRM needs and can be leveraged by federal buyers to comply with recommended practices. The ISO standard can be applied throughout Government buying platforms utilizing articulated requirements.  Learn more.

Benefits of Being a Certified Trusted Technology Provider (O-TTPS)

Additional highlights include: 

• Data Science Workshop
• Blockchain EA Work Group