Ensuring the security of supply chains has become a crucial focus for enterprises across all industries. The significance of standardized, reliable, and compatible information frameworks cannot be emphasized enough. In response to this requirement, the OASIS Open Supply Chain Information Modeling (OSIM) Technical Committee (TC) is being established to enhance global supply chain management. The initial members of the TC include AT&T, Cisco, Google, Microsoft, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and others detailed in the charter.
The Goals and Objectives of OSIM TC
The mission of OSIM TC is multi-faceted: to improve the effectiveness and security of supply chains through detailed and adaptable information modeling, as described below.

OSIM TC is dedicated to exploring existing supply chain practices and disseminating discoveries among its members. The objective is to recognize, cite, and, wherever feasible, repurpose existing efforts to prevent duplication. OSIM TC will concentrate on articulating distinct value propositions and crafting comprehensive scenarios for supply chain information modeling, ensuring the applicability of models in practical scenarios.
The committee will establish and maintain standards for supply chain information models, covering all facets of supply chains. These standards are designed to be relevant and suitable for present and future industry requirements. By formulating standards that promote conformity and compatibility, OSIM TC aims for seamless integration across diverse platforms and industries, fostering a more cohesive and effective supply chain network.
A notable portion of OSIM TC's work will involve promoting the widespread acceptance of these standards. The objective is to ensure extensive adoption among hardware and software providers as well as open-source communities. OSIM TC will offer ongoing technical expertise and guidance to stakeholders on the application and evolution of these information model standards, keeping them aligned with current technology and industry requirements.
Associated Standards and Endeavors
The following table summarizes activities that run parallel to the work of the OSIM TC.

| Endeavor | Explanation | Comparison and Deliberation for OSIM |
|---|---|---|
| Asset Administration Shell (AAS) | Supports coherent information exchange across a supply chain. Provides numerous sub-models for information modeling. | Consider using established frameworks from AAS. |
| Software Bill of Materials (SBOMs) | A nested inventory, a list of the constituents that make up software components. Provides software supply chain data for evaluation and modeling. | Evaluate for value propositions and scenarios of use. |
| Common Security Advisory Framework (CSAF) | A standard that offers a structured approach to publishing and distributing security advisories and Vulnerability eXploitability Exchange (VEX) information. | Might specify the foundational information model and standard, and also compare it with other models. |
| OASIS Computing Ecosystem Supply-Chain (CES) | Defines blockchain data schemas, APIs, and smart contracts for supply chains. | Monitor for prospects in information modeling. |
| CycloneDX | Specifies serializations for exchanging SBOM and VEX information. | Identify and contrast its underlying information model with alternative models. |
| In-toto | A framework to safeguard supply chain integrity. | Monitor for prospects in information modeling. |
| ISO/IEC/IEEE 12207:2017 | Processes in the software life cycle. | Monitor for prospects in information modeling. |
| JSON Abstract Data Modeling (JADN) | Language for modeling information that might be employed by OSIM. | Language for modeling information that might be utilized by OSIM. |
| OpenEoX | Specifies the exchange of EOL and EOS information within the industry. | Might specify the foundational information model. |
– Involvement in the commerce and operational processes for local and global supply chains like acquisition, buying, shipping, distribution, coordination of various modes of freight, and other management duties of the supply chain.
It is my privilege to serve as the head of the Common Security Advisory Framework (CSAF) and the originator and co-head of OpenEoX. I am eagerly anticipating the practical recommendations the OSIM TC will provide to assist in merging these codes with others as part of their functioning.
Important Outcomes of OSIM TC
The objectives of OSIM TC focus on producing concrete and actionable outcomes, which encompass:
- Advantages and Usage Scenarios: Used to outline the data structures, their importance, and the ways they can be used in different supply chain circumstances.
- Standards for Supply Chain Data Models: OSIM TC will publish one or more comprehensive specifications that elaborate on the data models.
- Guides for Implementation: OSIM TC will supply guidelines with practical recommendations to help adopters integrate these standards into their operations.
- Repositories and Tools in the Public Domain: The OSIM TC will develop tools, exemplar implementations, FAQs, and other resources to bolster the understanding and acceptance of the TC’s work results.
OSIM is a notable leap towards a more secure and steadfast supply chain ecosystem. This move underscores the fundamental role of regulation and illustrates how coherent directives can notably augment the reliability and security of infrastructures worldwide.
