| 2.x | Approved w/Constraints [2, 4, 6, 7] | Approved w/Constraints [2, 4, 6, 7] | Approved w/Constraints [2, 4, 6, 7] | Approved w/Constraints [2, 4, 6, 7] | Approved w/Constraints [4, 6, 8, 9] | Approved w/Constraints [4, 6, 8, 9] | Approved w/Constraints [4, 6, 8, 9] | Approved w/Constraints [4, 6, 8, 9] | Approved w/Constraints [4, 6, 8, 9] | Approved w/Constraints [4, 6, 8, 9] | Approved w/Constraints [4, 6, 8, 9] | Approved w/Constraints [4, 6, 8, 9] |
| [1] | Mouse System owners need to stay informed about Mouse Recorder Premium and its component development activities to ensure updates and patches are tested and installed in a timely manner. Additionally, system owners need to constantly monitor the various resources within the Mouse Recorder Premium and its component development project to identify the most up-to-date information and solutions to mitigate or remediate vulnerabilities.
Enforce role-based access control (R-BAC) through Active Directory for the creation of different accounts based on organizational roles. For example, system administrators can manage and monitor the servers without being allowed access to ongoing security incident investigation.
When establishing a password for the Mouse Recorder Premium, ensure that all VA password requirements are met with regard to length and complexity. VA Handbook 6500 Control IA-5: Authenticator Management sets a standard of at least 8 non-blank characters. They must contain characters from three (3) of the following four (4) categories:
- English upper case characters
- English lower case characters
- Base-10 digits
- Non-alphanumeric special characters
Six of the characters must not occur more than once in the password.
It is a requirement that VA sensitive data be properly protected in accordance with VA Handbook 6500, Federal Information Security Management Act (FISMA), and Federal Information Processing Standards (FIPS) 140-2.
In compliance with relevant VA policy, this technology must not be used to record and/or replay system or user authentication information such as a password or PIN. |
| [2] | Users should check with their supervisor, Information Security Office (ISO) or local OIT representative for permission to download and use this software. Downloaded software must always be scanned for viruses prior to installation to prevent adware or malware. Freeware may only be downloaded directly from the primary site that the creator of the software has advertised for public download and user or development community engagement. Users should note, any attempt by the installation process to install any additional, unrelated software is not approved and the user should take the proper steps to decline those installations. |
| [3] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. |
| [4] | Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities. |
| [5] | When using Mouse Recorder Premium to process, store and transmit VA sensitive information, it must be installed on specifically FIPS-compliant servers configured to use FIPS-compliant algorithms for encryption. If it is not technically possible to employ FIPS 140-2 encryption, then the Mouse Recorder Premium server must be on a separate enclave and segregated from the rest of the enterprise network.
Mouse System owners need to stay informed about Mouse Recorder Premium and its component development activities to ensure updates and patches are tested and installed in a timely manner. Additionally, system owners need to constantly monitor the various resources within the Mouse Recorder Premium and its component development project to identify the most up-to-date information and solutions to mitigate or remediate vulnerabilities.
Enforce role-based access control (R-BAC) through Active Directory for the creation of different accounts based on organizational roles. For example, system administrators can manage and monitor the servers without being allowed access to ongoing security incident investigation.
When establishing a password for the Mouse Recorder Premium, ensure that all VA password requirements are met with regard to length and complexity. VA Handbook 6500 Control IA-5: Authenticator Management sets a standard of at least 8 non-blank characters. They must contain characters from three (3) of the following four (4) categories:
- English upper case characters
- English lower case characters
- Base-10 digits
- Non-alphanumeric special characters |
| [6] | Per the Initial Product Review, users must abide by the following constraints:
- When using Macro Recorder to process, store and transmit VA sensitive information, it should be installed on specifically FIPS-compliant servers configured to use FIPS-compliant algorithms for encryption. If it is not technically possible to employ FIPS 140-2 encryption, then the Macro Recorder server should be on a separate enclave and segregated from the rest of the enterprise network.
- System owners need to stay informed about Macro Recorder and its component development activities to ensure updates and patches are tested and installed in a timely manner. Additionally, system owners need to constantly monitor the various resources within the Macro Recorder and its component development project to identify the most up-to-date information and solutions to mitigate or remediate vulnerabilities.
- Enforce role-based access control (R-BAC) through Active Directory for the creation of different accounts based on organizational roles. For example, system administrators can manage and monitor the servers without being allowed access to ongoing security incident investigation.
- When establishing a password for the Macro Recorder, ensure that all VA password requirements are met with regard to length and complexity. VA Handbook 6500 Control IA-5: Authenticator Management sets a standard of at least 14 non-blank characters.
|
| [7] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. |
| [8] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with VA Handbook 6500. |
| [9] | Users should check with their supervisor, Information System Security Officer (ISSO) or local OIT representative for permission to download and use this software. Downloaded software must always be scanned for viruses prior to installation to prevent adware or malware. Freeware may only be downloaded directly from the primary site that the creator of the software has advertised for public download and user or development community engagement. Users should note, any attempt by the installation process to install any additional, unrelated software is not approved and the user should take the proper steps to decline those installations. |