Zero Trust Architecture

Supply Chain Security

Washington, DC | July 25-27, 2022

Event Location

The Mayflower Hotel
1127 Connecticut Avenue, NW, Washington, DC, 20036
 
To reserve a room at our group rate of $225, please email your arrival and departure dates to:

Robert.Clark@themayflowerhotel.com

cc: events@opengroup.org

 
 
 

About the Event   

July 25-26, 2022

Zero Trust Architecture

Zero Trust and Zero Trust Architecture (ZTA) represent a fundamental shift in security from implicit permissions to explicit permissions. This means organizations, whether public or private, are changing from allowing those inside a “secure” network to have access to assets at any time (implicit trust) to instead verifying the identity of those seeking access (explicit trust), allowing access only as needed by those who need it, when they need it. This is a shift from a perimeter-centric approach to an asset-centric approach. Zero Trust brings security to the users, data & information, applications, APIs, devices, networks, cloud, etc. wherever they are – instead of forcing them onto a “secure” network.

How Zero Trust Architecture Can Help Secure Data

ZTA provides a way to secure data, a critical asset of the organization, allowing access only to those who need it.

  • By treating data as an asset, a Zero Trust Architecture ensures the data can keep their integrity across their entire lifecycle.
  • For organizations heavily relying upon data to make decisions, it is imperative that the data used keep their integrity and can be used by data scientists.
  • By securing at the asset-level and utilizing secured zones as required, organizations can pursue business objectives while effectively managing risk and continue to operate while in a state of assumed breach.
  • Organizations can maintain agility and compete in the Digital Age while remaining secure, operating in a world characterized by velocity, complexity, and disruption, with the goal of enabling better user experience through simplicity, speed, and ability to support scale.

Supply Chain Risk Management

As evidenced over the last couple of years, threats to supply chain integrity are a global problem that impacts users and consumers of information and communications technology (ICT). Solving this problem requires international adoption of best practices and standards by government and enterprise customers and large and small vendors who are all part of the supply chain.

NASA SEWP has worked with the Department of Defense, Private Industry and International Standards Groups for 20 years on Supply Chain Risk Management (SCRM) practices and standards, and the Government-Wide Acquisition Contracts (GWACs).

The NASA SEWP acquisition platform includes the Open Trusted Technology Provider (O-TTPS) ISO 20243 standard for "maliciously tainted and counterfeit products", which is consistent in purpose and intent with existing and emergent federal policy guidelines. There is a direct correlation between the ISO standard and the controls and practices advocated by NIST. The standard addresses some SCRM needs and can be leveraged by federal buyers to comply with recommended practices. The ISO standard can be applied throughout Government buying platforms utilizing articulated requirements. Learn about the Benefits of Being Certified as an Open Trusted Technology Provider (O-TTPS).

Open Trusted Technology Provider Standard (O-TTPS)

  • Understand how O-TTPS helps assure product integrity and supply chain security so that industry can "Build with integrity, buy with confidence" 
  • Learn best practices in all phases of a product's life cycle -- design, sourcing, build, fulfillment, distribution, sustainment, and disposal -- to enhance the integrity of COTS ICT products, and the security of their global supply chains
  • Join the O-TTPS Birds-of-a-Feather networking reception (Mon. evening) to discuss how to solve similar problems from different perspectives with like-minded individuals

The Open Trusted Technology Forum is responsible for maintaining and updating the Open Trusted Technology Provider™ Standard (O-TTPS), which is technically equivalent to ISO 20243. The O-TTPS differs from traditional cyber security standards in that it focuses on verification of the procedures used within the organization to maintain security and integrity of the supply chain, rather than on testing of individual products or systems. The certification program is one of the first of its kind in providing certification for conforming to standards for product integrity coupled with supply chain security.

Both private and public sector organizations increasingly rely on ICT solutions, which are produced globally, to run their operations. These systems need to be secure and to be kept free of major defects and vulnerabilities for customers to trust them. Equally, providers need to achieve integrity of their supply chains to help attest that these systems do not ultimately compromise the security posture of their customers. Moreover, providers need to implement controls that strengthen the integrity of systems containing their intellectual property, thereby mitigating the risk of potential counterfeit components and the loss of intellectual property revenue.

Complimentary sessions (attend in-person or via LinkedIn Live): 

  • TOGAF® User Group (Tue. July 26, 2:00-5:30 pm)
  • Data Science Workshop (Wed. July 27, 2:00-4:30 pm) 

 

Agenda

All times are U.S. Eastern Time (GMT-5).

The Open Group standards ensure openness, interoperability, and consensus.

Speakers

 

Event Fees

(includes lunch and giveaways)

2-Day Pass (Mon and Tue)

Member: $700

Government: $800 

Non-Member: $1025 

 

1-Day Pass (Mon or Tue)

Member: $400

Government: $550

Non-Member: $650 

 

* Complimentary Sessions (in-person and via LinkedIn Live) include: 

TOGAF User Group (Tue)

Data Science Workshop (Wed)

 

Sponsors and Exhibitors

The Open Group Platinum Members