{"id":347394,"date":"2024-10-20T00:26:02","date_gmt":"2024-10-20T00:26:02","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-iso-iec-20243-22018\/"},"modified":"2024-10-25T23:56:26","modified_gmt":"2024-10-25T23:56:26","slug":"bs-iso-iec-20243-22018","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-iso-iec-20243-22018\/","title":{"rendered":"BS ISO\/IEC 20243-2:2018"},"content":{"rendered":"

This document specifies the procedures to be utilized by an assessor when conducting a conformity assessment to the mandatory requirements in the Open Trusted Technology Provider\u2122 Standard (O-TTPS).1<\/sup><\/p>\n

These Assessment Procedures are intended to ensure the repeatability, reproducibility, and objectivity of assessments against the O-TTPS. Though the primary audience for this document is the assessor, an Information Technology (IT) provider who is undergoing assessment or preparing for assessment, may also find this document useful.<\/p>\n

1<\/sup> The O-TTPS is freely available at: \/2. The O-TTPS is technically identical to ISO\/IEC 20243:2015 ISO\/IEC 20243-1:2018 and is available at: \/2<\/p>\n

Open Trusted Technology ProviderTM<\/sup> Standard (O-TTPS) Certification Program: Assessment Procedures for the O-TTPS, ISO\/IEC 20243:2015 and ISO\/IEC 20243-1:2018<\/p>\n

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
2<\/td>\nundefined <\/td>\n<\/tr>\n
7<\/td>\n1. Introduction
1.1 Scope
1.2 Normative References
1.3 Terms and Definitions
1.3.1 Distributor
1.3.2 Evidence of Conformance
1.3.3 Implementation Evidence
1.3.4 O-TTPS Requirements
1.3.5 Organization <\/td>\n<\/tr>\n
8<\/td>\n1.3.6 Pass-Through Reseller
1.3.7 Process Evidence
1.3.8 Scope of Assessment
1.3.9 Selected Representative Product <\/td>\n<\/tr>\n
9<\/td>\n2. General Concepts
2.1 The O-TTPS
2.2 Assessment Concepts: Relevance of Scope of Assessment and Selected Representative Products <\/td>\n<\/tr>\n
10<\/td>\n2.3 Relevance of IT Technology Provider Categories in the Supply Chain <\/td>\n<\/tr>\n
12<\/td>\n3. Assessment Requirements
3.1 General Requirements for Assessor Activities
3.1.1 General Requirements for Evidence of Conformance <\/td>\n<\/tr>\n
14<\/td>\n4. Assessor Activities for O-TTPS Requirements
4.1 PD_DES: Software\/Firmware\/Hardware Design Process <\/td>\n<\/tr>\n
15<\/td>\n4.2 PD_CFM: Configuration Management <\/td>\n<\/tr>\n
17<\/td>\n4.3 PD_MPP: Well-defined Development\/Engineering Method Process and Practices
4.4 PD_QAT: Quality and Test Management <\/td>\n<\/tr>\n
19<\/td>\n4.5 PD_PSM: Product Sustainment Management <\/td>\n<\/tr>\n
20<\/td>\n4.6 SE_TAM: Threat Analysis and Mitigation <\/td>\n<\/tr>\n
22<\/td>\n4.7 SE_VAR: Vulnerability Analysis and Response <\/td>\n<\/tr>\n
23<\/td>\n4.8 SE_PPR: Product Patching and Remediation
4.9 SE_SEP: Secure Engineering Practices <\/td>\n<\/tr>\n
25<\/td>\n4.10 SE_MTL: Monitor and Assess the Impact of Changes in the Threat Landscape <\/td>\n<\/tr>\n
26<\/td>\n4.11 SC_RSM: Risk Management <\/td>\n<\/tr>\n
27<\/td>\n4.12 SC_PHS: Physical Security <\/td>\n<\/tr>\n
28<\/td>\n4.13 SC_ACC: Access Controls <\/td>\n<\/tr>\n
29<\/td>\n4.14 SC_ESS: Employee and Supplier Security and Integrity <\/td>\n<\/tr>\n
30<\/td>\n4.15 SC_BPS: Business Partner Security
4.16 SC_STR: Supply Chain Security Training <\/td>\n<\/tr>\n
31<\/td>\n4.17 SC_ISS: Information Systems Security
4.18 SC_TTC: Trusted Technology Components <\/td>\n<\/tr>\n
32<\/td>\n4.19 SC_STH: Secure Transmission and Handling <\/td>\n<\/tr>\n
34<\/td>\n4.20 SC_OSH: Open Source Handling <\/td>\n<\/tr>\n
35<\/td>\n4.21 SC_CTM: Counterfeit Mitigation <\/td>\n<\/tr>\n
36<\/td>\n4.22 SC_MAL: Malware Detection <\/td>\n<\/tr>\n
38<\/td>\nA Annex: Assessment Guidance
A.1 Guidance <\/td>\n<\/tr>\n
39<\/td>\nB Annex: Assessment Report Template <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Information technology. Open Trusted Technology ProviderTM<\/sup> Standard (O-TTPS). Mitigating maliciously tainted and counterfeit products – Assessment procedures for the O-TTPS and ISO\/IEC 20243-1:2018<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2018<\/td>\n40<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":347403,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-347394","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/347394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/347403"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=347394"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=347394"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=347394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}