ISO/IEC 20243-1:2018 信息技术 开放可信技术供应商^TM标准（O-TTPS） 减轻恶意污染和假冒产品 第1部分：需求和建议

标准编号：ISO/IEC 20243-1:2018

中文名称：信息技术 开放可信技术供应商^TM标准（O-TTPS） 减轻恶意污染和假冒产品 第1部分：需求和建议

英文名称：Information technology — Open Trusted Technology ProviderTM Standard (O-TTPS) — Mitigating maliciously tainted and counterfeit products — Part 1: Requirements and recommendations

发布日期：2018-02

标准范围

ISO/IEC 20243-1:20 18（O-TTPS）是一套指南、要求和建议，旨在解决整个产品生命周期中对硬件和软件COTS ICT产品完整性的特定威胁。该标准的发布解决了与恶意污染和假冒产品相关的威胁。供应商的产品生命周期包括其设计和开发产品的工作，以及该生命周期的供应链方面，共同延伸至以下阶段:设计、采购、构建、履行、分销、维护和处置。虽然该标准不能完全解决完全超出提供商控制范围的威胁？例如，造假者生产与原始设备制造商（OEM）没有原始联系的假冒印刷电路板组件？标准中详述的实践将提供某种程度的缓解。这种做法的一个例子是在合法产品中使用安全标签技术。

ISO/IEC 20243-1:2018 (O-TTPS) is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and software COTS ICT products throughout the product life cycle. This release of the Standard addresses threats related to maliciously tainted and counterfeit products.
The provider's product life cycle includes the work it does designing and developing products, as well as the supply chain aspects of that life cycle, collectively extending through the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal. While this Standard cannot fully address threats that originate wholly outside any span of control of the provider?for example, a counterfeiter producing a fake printed circuit board assembly that has no original linkage to the Original Equipment Manufacturer (OEM)?the practices detailed in the Standard will provide some level of mitigation. An example of such a practice would be the use of security labeling techniques in legitimate products.

标准预览图