ISO 20243 vs. AS5553 vs. CISA ICT SCRM

Pam Rice

Hi everyone!

I'm not sure this is the correct forum, but it seems to fit better than most.

I've searched the site, but I can't find any related information about the ISO 20243:2018 standard (Information technology - Open Trusted Technology Provider Standard (O-TTPS) - Mitigating maliciously tainted and counterfeit products) vs. AS5553 Standard (Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition) vs. CISA ICT SCRM (Cybersecurity & Infrastructure Security Agency Information and Communications Technology Supply Chain Risk Management). I work for a small disadvantaged business. We are currently a pass-through re-seller on a Government GWAC. The Government Program Office is requesting all re-sellers on the GWAC complete an ISO 20243 self-assessment. While I'm familiar with the Supplier requirements of ISO 9001:2015 and we have documented processes and forms for that, the requirements for ISO 20243 are much, much more stringent. Has anyone on this forum gone through an ISO 20243 self-assessment or third-party assessment? I'm looking for any thoughts or recommendations on how to move forward without implementing a huge number of procedures and forms. Thanks!
 
Good day @Pam Rice
The ISO 20243 standard is not a type "A", nor "B", nor "MS" (ISO classifications). Therefore, an organization cannot be certified to this standard via normal avenues.
While it is recognized by ISO, as evidenced by the title/numbering, it is a product of an organization called "The Open Group".

Any awarded certification must be through the "Open Group's" accreditation program, i.e. the certification appears to be available ONLY to assessors and not to organizations.

I have reached out to NIST for further clarification....

Be well.
 
Well - if you are required to meet the requirements for your contract, then you need to meet the requirements and "implementing a huge number of procedures and forms". This is black and white.

If you want to sell to the gov't, there are going to be a lot of these requirements. Either you choose to meet them or you say No and lose business.
 