OCP S.A.F.E.: Enabling IBV Firmware Supply Chain Security for a Heterogeneous Datacenter Infrastructure
Stefano Righi, AMI

ADOPTION OF OCP-RECOGNIZED EQUIPMENT & FACILITIES

Outline
1. Why OCP S.A.F.E.?
2. OCP S.A.F.E. Overview
3. OCP S.A.F.E. Program
4. Advantages for adopters
5. Call to Action

Why OCP S.A.F.E.?
- Data Centers host a variety of processing devices and peripheral components, each running updatable firmware and software
- There is a need to address complex security challenges in this constantly evolving ecosystem
- Security assurance must address:
  - Code provenance
  - Code quality
  - Software supply chain
  - Releases and patches
- Avoid effort duplication through security audit transparency
- Standardize security reviews

Regulatory Landscape
- EU Cyber Resilience Act (EU CRA)
  - All Products with Digital Elements (PDEs)
  - To be enforced Q4 2027
- IEC 62443 4-2 Industrial Control Platforms
  - Resilient System Components
- FDA guidelines and approval for medical equipment
- SEC data breach reporting
[Diagram. Categories: Software/Firmware Resilience; Operational Security; Data Privacy and Protection. Labels: EU CRA, ISA/IEC62443 4-2, EU GDPR, SEC, PDPB, PCI DSS 4.0, Korea PIPA, Colombia Decree 338 of 2022, South Africa FCSA, Australia ACSC, Taiwan moda, Japan JC Star, Japan NISC, India PDPB, Chinese Cybersecurity Law, Brazil LGPD]

OCP S.A.F.E. Overview
- Centralized framework to ensure conformance and reliability
- Objectivity achieved through third party certified providers
- Holistic approach instead of certification checklist
- S.A.F.E. standardizes security audits of hardware and software, with a focus on datacenter server components
- Layered onion approach: every component undergoes security testing before being adopted downstream
- Incremental process throughout product lifecycle

Framework Revie