WHITE PAPER
ISO 20243: Product Security Trust Through Certification
The threat landscape is constantly evolving across all sectors of the technology industry. To meet this challenge, customers require an enhanced level of trust in the products that form the foundation of the datasphere. Seagate is dedicated to achieving an industry-leading security posture that addresses contemporary risks while providing adaptive resilience against new threats. This posture is grounded in a holistic approach to product security.
What Is Product Security?
Product security is the unification of security disciplines that have traditionally been considered separate. The end goal is to provide a product that has been designed, manufactured, and delivered with integrated security at every phase of the product life cycle. If a chain is only as strong as its weakest link, so too is a product only as secure as its weakest design feature or supply chain state.
Lifecycle Security is Risk Management
The digital storage industry is centered on trust. Storage is vital for most digital products and services in the digital economy, and customers want to trust that their storage solutions will not fail and that their data is protected. For Seagate, this means product integrity has an immense impact on the brand. In addition to improving and aligning our own internal development processes with security in mind, Seagate's extensive supply chain must also fall under a security umbrella that ensures no stone is left unturned and no threat vector is left unaddressed. Critical components and suppliers must be, and are, a vital link in this chain. For these unique challenges, a flagship standard for life cycle security is required, one that can guide not only product development but also serve to hold suppliers to a high standard of security best practices.
Understanding OTTP-S/ISO20243
Product lifecycle security is a relatively new concept and, as a result, the means of attestation are also new. The Open Trusted Technology Provider Standard (OTTP-S), also known as ISO20243, certifies a product line for secure technology development, secure engineering development, and secure supply chain. Every phase and aspect of the product's production and delivery is addressed, with the aim of minimizing vulnerability to malicious tampering and counterfeit components. ISO20243 requires established operating procedures to enforce these secure best practices, ensuring that the production processes are resilient and enduring. The comprehensive nature of this standard allows it to be deployed across both internal and external development and supply chain phases. While Seagate uses these requirements to organize, articulate, and improve our own best practices, the same requirements are expressed to Seagate's most critical suppliers.
Seagate has undertaken an effort to document the posture of these critical suppliers relative to the requirements contained in ISO20243. Any gaps are addressed via mitigation plans so that risk relative to the product supply chain is documented and minimized.
The Path to Certification and Security Maturity
In August of 2019 Seagate achieved ISO20243 certification for its HDD product lines via an