iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 20243-2:2023

(Main)

Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 2: Assessment procedures for the O-TTPS

Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 2: Assessment procedures for the O-TTPS

ISO/IEC 20243-2:2018 specifies the procedures to be utilized by an assessor when conducting a conformity assessment to the mandatory requirements in the Open Trusted Technology Provider? Standard (O-TTPS).1 These Assessment Procedures are intended to ensure the repeatability, reproducibility, and objectivity of assessments against the O-TTPS. Though the primary audience for this document is the assessor, an Information Technology (IT) provider who is undergoing assessment or preparing for assessment, may also find this document useful.

Titre manque — Partie 2: Titre manque

General Information

Status
Published
Publication Date
23-Nov-2023
ICS
13.310 - Protection against crime
35.030 - IT Security
Technical Committee
ISO/IEC JTC 1 - Information technology
Drafting Committee
ISO/IEC JTC 1 - Information technology
Current Stage
6060 - International Standard published
Start Date
24-Nov-2023
Due Date
11-Jan-2025
Completion Date
24-Nov-2023
Ref Project

Relations

Revises
ISO/IEC 20243-2:2018 - Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Mitigating maliciously tainted and counterfeit products — Part 2: Assessment procedures for the O-TTPS and ISO/IEC 20243-1:2018
Effective Date
14-Jan-2023

Buy Standard

ISO/IEC 20243-2:2023 - Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 2: Assessment procedures for the O-TTPS Released:24. 11. 2023ISO/IEC 20243-2:2023 - Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 2: Assessment procedures for the O-TTPS Released:24. 11. 2023
PreviousNext
Standard
ISO/IEC 20243-2:2023 - Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 2: Assessment procedures for the O-TTPS Released:24. 11. 2023
English language
50 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC PRF 20243-2 - Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 2: Assessment procedures for the O-TTPS Released:11. 10. 2023ISO/IEC PRF 20243-2 - Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 2: Assessment procedures for the O-TTPS Released:11. 10. 2023
PreviousNext
Draft
ISO/IEC PRF 20243-2 - Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 2: Assessment procedures for the O-TTPS Released:11. 10. 2023
English language
50 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 20243-2
Second edition
2023-11
Information technology — Open
TM
Trusted Technology Provider
Standard (O-TTPS) —
Part 2:
Assessment procedures for the O-TTPS
Reference number
ISO/IEC 20243-2:2023(E)
© ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC 20243-2:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 20243-2:2023(E)
Contents Page
Foreword . iv
Preface . vi
Trademarks . viii
Introduction . ix
1 Scope . 1
1.1 Conformance . 1
1.2 Future Directions . 1
2 Normative references . 1
3 Terms and definitions . 2
4 General Concepts . 3
4.1 The O-TTPS . 3
4.2 Assessment Concepts: Relevance of Scope of Assessment and Selected Representative
Products . 4
4.3 Relevance of IT Technology Provider Categories in the Supply Chain . 4
5 Assessment Requirements . 5
5.1 General Requirements for Assessor Activities . 5
5.1.1 General Requirements for Evidence of Conformance . 5
6 Assessor Activities for O-TTPS Requirements . 8
6.1 PD_DES: Software/Firmware/Hardware Design Process . 9
6.2 PD_CFM: Configuration Management . 10
6.3 PD_MPP: Well-Defined Development/Engineering Method Process and Practices . 14
6.4 PD_QAT: Quality and Test Management . 14
6.5 PD_PSM: Product Sustainment Management . 16
6.6 SE_TAM: Threat Analysis and Mitigation . 18
6.7 SE_VAR: Vulnerability Analysis and Response . 20
6.8 SE_PPR: P
...

INTERNATIONAL ISO/IEC
STANDARD 20243-2
Second edition
2023-10
Information technology — Open
Trusted Technology ProviderTM
Standard (O-TTPS) —
Part 2:
Assessment procedures for the O-TTPS
Technologies de l'information — Norme de fournisseur de technologie
de confiance ouverte (O-TTPS) —
Partie 2: Procédures d'évaluation de l'O-TTPS
PROOF/ÉPREUVE
Reference number
ISO/IEC 20243-2:2023(E)
© ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC 20243-2:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
PROOF/ÉPREUVE © ISO/IEC 2023 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 20243-2:2023(E)
Contents Page
Foreword . iv
Preface . vi
Trademarks . viii
Introduction . ix
1 Scope . 1
1.1 Conformance . 1
1.2 Future Directions . 1
2 Normative references . 1
3 Terms and definitions . 2
4 General Concepts . 3
4.1 The O-TTPS . 3
4.2 Assessment Concepts: Relevance of Scope of Assessment and Selected Representative
Products . 4
4.3 Relevance of IT Technology Provider Categories in the Supply Chain . 4
5 Assessment Requirements . 5
5.1 General Requirements for Assessor Activities . 5
5.1.1 General Requirements for Evidence of Conformance . 5
6 Assessor Activities for O-TTPS Requirements . 8
6.1 PD_DES: Software/Firmware/Hardware Design Process . 9
6.2 PD_CFM: Configuration Management . 10
6.3 PD_MPP: Well-Defined Development/Engineering Method Process and Practices . 14
6.4 PD_QAT: Quality and Test Management . 14
6.5 PD_PSM: Product Sustainment Management . 16
6.6 SE_TAM: Threat Analysis and Mitigation .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 20243-1:2023(Main)
Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 1: Requirements and recommendations for mitigating maliciously tainted and counterfeit products

ISO/IEC 20243-1:2018 (O-TTPS) is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and software COTS ICT products throughout the product life cycle. This release of the Standard addresses threats related to maliciously tainted and counterfeit products. The provider's product life cycle includes the work it does designing and developing products, as well as the supply chain aspects of that life cycle, collectively extending through the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal. While this Standard cannot fully address threats that originate wholly outside any span of control of the provider ? for example, a counterfeiter producing a fake printed circuit board assembly that has no original linkage to the Original Equipment Manufacturer (OEM) ? the practices detailed in the Standard will provide some level of mitigation. An example of such a practice would be the use of security labeling techniques in legitimate products.

  • Standard
    31 pages
    English language
    sale 15% off
  • Draft
    31 pages
    English language
    sale 15% off
ISO
ISO/IEC 20243-1:2023(Main)
Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Part 1: Requirements and recommendations for mitigating maliciously tainted and counterfeit products

ISO/IEC 20243-1:2018 (O-TTPS) is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and software COTS ICT products throughout the product life cycle. This release of the Standard addresses threats related to maliciously tainted and counterfeit products. The provider's product life cycle includes the work it does designing and developing products, as well as the supply chain aspects of that life cycle, collectively extending through the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal. While this Standard cannot fully address threats that originate wholly outside any span of control of the provider ? for example, a counterfeiter producing a fake printed circuit board assembly that has no original linkage to the Original Equipment Manufacturer (OEM) ? the practices detailed in the Standard will provide some level of mitigation. An example of such a practice would be the use of security labeling techniques in legitimate products.

  • Standard
    31 pages
    English language
    sale 15% off
  • Draft
    31 pages
    English language
    sale 15% off
ISO
ISO 21978:2023(Main)
Air to water heat pumps — Testing and rating at part load conditions and calculation of seasonal coefficient of performance for space heating

This document specifies test conditions for determining the seasonal performance characteristics of air to water heat pumps for space heating with electrically driven compressors with or without supplementary heater. In the case of air to water heat pumps for space heating consisting of several parts with refrigerant or water connections, this document applies only to those designed and supplied as a complete package. The seasonal coefficient of performance depends, inter alia, on the climate conditions and temperature regime of the space heating distribution network. This document specifies: — three design conditions, each of them being characterized by a design temperature which represents the lowest temperature that can occur in that design condition; — three water temperature distribution regimes, namely “temperature application” in the text. This document also provides a full description of three heating seasons that can be used with the associated design conditions.

  • Standard
    50 pages
    English language
    sale 15% off
  • Draft
    49 pages
    English language
    sale 15% off
  • Draft
    49 pages
    English language
    sale 15% off
ISO
ISO 24438:2023(Main)
Ships and marine technology — Maritime education and training — Maritime career guidance

This document provides a powerful decision-making tool for persons that either have clear professional development goals or uncertainties related to the progression of their career paths, including minimum education and training requirements for many of the maritime-related occupations. It aims to assist candidates to take the necessary steps to meet their goals. This document seeks to assist professionals in (or those who would like to enter) the maritime sector, on board or ashore, in determining their professional goals, establishing how to achieve them through this proactive tool, taking into consideration: — personal circumstances and academic background; — previous work experience, knowledge and skills; — short, medium and long-term ambitions; — changing education and training requirements resulting from continual industry evolution; — current and future job opportunities, — impact of technology, and — shifting personal interests, attitudes, abilities, and goals. This document helps identify many of the potential jobs within the maritime industry, on board and ashore, in order to provide alternative career paths.

  • Standard
    17 pages
    English language
    sale 15% off
  • Draft
    16 pages
    English language
    sale 15% off
  • Draft
    16 pages
    English language
    sale 15% off
ISO
ISO 3951-6:2023(Main)
Sampling procedures for inspection by variables — Part 6: Specification for single sampling plans for isolated lot inspection indexed by limiting quality (LQ)

This document specifies an acceptance sampling system of single sampling plans for inspection by variables, primarily designed for use under the following conditions: a) where the inspection procedure is applied to an isolated lot of discrete products all supplied by one producer using one production process; b) where only a single quality characteristic, x, of this process is taken into consideration, which is measurable on a continuous scale; c) where the quality characteristic, x, is distributed according to a normal distribution or a close approximation to a normal distribution; d) where the quality characteristic can be measured without error or with moderate measurement error; e) where a contract or standard defines a lower specification limit, L, an upper specification limit, U, or both; an item is qualified as conforming if and only if its measured quality characteristic, x, satisfies the appropriate one of the following inequalities: 1) x ≥ L (i.e. the lower specification limit is not violated); 2) x ≤ U (i.e. the upper specification limit is not violated); 3) x ≥ L and x ≤ U (i.e. neither the lower nor the upper specification limit is violated). Inequalities 1) and 2) are cases with a single specification limit, whereas inequality 3) is a case with double specification limits. Where double specification limits apply, it is assumed in this document that conformance to both specification limits is equally important to the integrity of the product. In such cases, it is appropriate to apply a single LQ to the combined fraction of a product outside the two specification limits. This is referred to as combined control.

  • Standard
    80 pages
    English language
    sale 15% off
  • Draft
    82 pages
    English language
    sale 15% off
  • Draft
    82 pages
    English language
    sale 15% off
ISO
ISO 16478:2023(Main)
Thermal insulation products — Vacuum insulation panels (VIPs) — Specification

This document: — defines requirements for vacuum insulation panels (VIPs) with silica or glass fibre core, which are used for thermal insulation of buildings; — outlines required product properties, their performance, test methods and rules for conformity evaluations, identification and labelling; — provides a test method to determine ageing factors and the influence of the linear thermal bridges at the edges. This document is applicable to all types of silica and glass fibre core VIPs, independent of the type of envelope. In the case of a glass fibre core VIP, it is only applicable to VIPs with desiccants whose service life is ≥ 25 years. This document is not applicable to: — any specific installation and application requirements; — products intended to be used for the insulation of building equipment and industrial installations.

  • Standard
    52 pages
    English language
    sale 15% off
  • Draft
    52 pages
    English language
    sale 15% off
  • Draft
    52 pages
    English language
    sale 15% off
ISO
ISO 12643-1:2023(Main)
Graphic technology — Safety requirements for graphic technology equipment and systems — Part 1: General requirements

This document provides safety specifications for the design and construction of new equipment used in prepress systems, printing press systems, binding and finishing systems, converting systems, corrugated board manufacturing systems and stand‑alone platen presses. It is applicable to equipment used in stand-alone mode, or in combination with other machines, including ancillary equipment, in which all the machine actuators (e.g. drives) of the equipment are controlled by the same control system. The requirements given in this document are applicable to the equipment covered by ISO 12643 (all parts), unless otherwise noted. This document is intended to be used in conjunction with the applicable part of ISO 12643 that contains additional requirements specific to a particular type of equipment. This document addresses recognized significant hazards specific to equipment and systems in the following areas: — mechanical; — electrical; — slipping, tripping, falling; — ergonomics; — noise; — UV and laser radiation; — fire and explosion; — thermal; — substances and material used for processing; — failure, malfunction of control system; — other types of emissions [e.g. ozone, ink mist, volatile organic compounds (VOCs), etc.]. This document is not applicable to: — equipment manufactured before the date of its publication; — ordinary office equipment for digital printing and paper processing, such as digital printers, copiers, sorters, binders and staplers, which is intended for use outside the printing and paper industry; — winder-slitters and sheeters in paper finishing (sheeters with unwinders); — office-type collating machines equipped with friction feeders; — mail processing machines; — machines used for filling packages (such as machines for shaping, filling, and closing the package); and — textile printing presses. The safety principles established in this document can also be applicable to the design of equipment within areas of technology that are not specified in ISO 12643 (all parts).

  • Standard
    110 pages
    English language
    sale 15% off
  • Standard
    121 pages
    French language
    sale 15% off
  • Draft
    110 pages
    English language
    sale 15% off
  • Draft
    111 pages
    English language
    sale 15% off
  • Draft
    111 pages
    English language
    sale 15% off
  • Draft
    120 pages
    French language
    sale 15% off
  • Draft
    122 pages
    French language
    sale 15% off
ISO
ISO 12643-4:2023(Main)
Graphic technology — Safety requirements for graphic technology equipment and systems — Part 4: Converting equipment and systems

This document deals with all significant hazards, hazardous situations or hazardous events relevant to converting equipment and systems used in the corrugated board, package printing, converting and graphic technology industries (see Clause 5), when it is used as intended and under conditions of misuse which are reasonably foreseeable by the manufacturer. This document is applicable to converting equipment not covered by other parts of ISO 12643. This document is not applicable to the machinery or machinery components manufactured before the date of its publication.

  • Standard
    80 pages
    English language
    sale 15% off
  • Standard
    81 pages
    French language
    sale 15% off
  • Draft
    80 pages
    English language
    sale 15% off
  • Draft
    80 pages
    English language
    sale 15% off
  • Draft
    84 pages
    French language
    sale 15% off
ISO
ISO/IEC 27033-7:2023(Main)
Information technology – Network security — Part 7: Guidelines for network virtualization security

This document aims to identify security risks of network virtualization and proposes guidelines for the implementation of network virtualization security. Overall, this document intends to considerably aid the comprehensive definition and implementation of security for any organization’s virtualization environments. It is aimed at users and implementers who are responsible for the implementation and maintenance of the technical controls required to provide secure virtualization environments.

  • Standard
    23 pages
    English language
    sale 15% off
  • Draft
    23 pages
    English language
    sale 15% off
  • Draft
    23 pages
    English language
    sale 15% off
ISO
ISO 4266-2:2023(Main)
Petroleum and liquid petroleum products — Measurement of level and temperature in storage tanks by automatic methods — Part 2: Measurement of level in marine vessels

This document gives guidance on the accuracy, installation, calibration and verification of automatic level gauges (ALGs), both intrusive and non-intrusive, for measuring the level of petroleum and liquid petroleum products having a Reid vapour pressure less than 100 kPa, transported aboard marine vessels (i.e. tankers and barges). This document gives guidance for buyers and sellers who mutually agree to use marine ALGs for either fiscal and/or custody transfer applications. This document is not applicable to the measurement of level in refrigerated cargo tanks. NOTE For information on the measurement of level in refrigerated cargo tanks, please see ISO 18132-1 and ISO 18132-3.

  • Standard
    12 pages
    English language
    sale 15% off
  • Draft
    12 pages
    English language
    sale 15% off
  • Draft
    12 pages
    English language
    sale 15% off