O-TTPS Certification as a Companion to CMVP and Common Criteria (C30c)
CMVP does not include evaluation of the delivery of the end product to the final customer. Common Criteria evaluations are moving away from Evaluation Assurance Levels (EALs) that include evaluation of the delivery mechanism. An O-TTPS evaluation as a companion to either or both of these evaluations can be used to distinguish a cryptographic product provider by demonstrating that the organization has procedures in place to guard against maliciously tainted or counterfeit products.
This presentation will provide an overview of the O-TTPS Standard, a discussion of emerging threats to the supply chain, and a brief assessment of the level of effort required to undertake an evaluation.