VA Technical Reference Model v 25.5

The following reference(s) are associated with this entry:

Note: This list may not be complete. No component, listed or unlisted, may be used outside of the technology in which it is released. The usage decision for a component is found in the Decision and Decision Constraints.

• This entry is available as an open source technology.

• macOS - Authorized w/ Constraints
• Windows Client - Authorized w/ Constraints

Runtime Dependencies:

• No runtime dependencies have been identified.

Optional Dependencies:

• No optional dependencies have been identified.

Comparable Technologies:

• 3DxWare - Authorized w/ Constraints
• ASAP (As Soon As Possible) Utilities for Excel - Authorized w/ Constraints (POA&M)
• Asutype - Authorized w/ Constraints
• Auto Mouse Mover - Unauthorized
• AutoHotkey - Authorized w/ Constraints
• Macro Scheduler - Authorized w/ Constraints (DIVEST)
• QuickTextPaste - Authorized w/ Constraints (POA&M)
• Razer Synapse - Authorized w/ Constraints

Companion Technologies/Supported Standards:

• No companion technologies/standards have been identified.

Adoption Benefits

• At the time of writing, no National Institute of Standards and Technology (NIST) vulnerabilities had been reported and no VA Cyber Security Operations Center (CSOC) bulletins had been issued for the latest versions of this technology.

• There is no licensing fee associated with this technology.

Adoption Risks

• The potential exists to store Personally Identifiable Information (PII), Protected Health Information (PHI) and/or VA Sensitive data and proper security standards must be followed in these cases.

• This technology is available as freeware. As such this technology may be without clearly defined support options which may result in suboptimal enterprise level support.

• Macro Recorder is not Federal Information Processing Standards (FIPS) 140- 2 certified. Depending on use cases, Macro Recorder can be implemented by teams within the VA to collaborate on numerous tasks or projects:

  • Create streamlined presentations and tutorial videos.
  • Perform advanced configuration steps and provide the recorded file for remote execution.
  • Perform system maintenance tasks.
  • Auto-login to online accounts.
  • Auto-click websites or programs.
  • Auto-fill forms to generate reports (for example, incident response, software development, medical research), where there is likelihood of processing VA sensitive information

• When utilizing a freeware or open source software, there is limited support for patch maintenance and product updates. The community of developers that contributes to open source projects is not obligated to provide software updates, resulting in outdated software and the potential for zero-day vulnerabilities.

• PhraseExpress recorder is one of the features for the Macro Recorder that can be accessible by multiple users to perform various tasks. Overlapping duties and lack of access control potentially could result in misuse of authority and unauthorized access of VA sensitive information.

• Due to the rapid release schedule of this technology, the VA may be unable to update to the most recent patch and may require a deployment model requiring the use of specific versions.

• System scans indicate that this technology is no longer in use within the VA network.

• This technology involves the use Universal Serial Bus (USB) connections and proper security precautions must be taken when used.

• The PhraseExpress Windows version integrates with the free macro program Macro Recorder to provide a complete automation solution and can password-protect phrase files to keep them secure on the Internet, but there is no indication of password complexity. VA has stringent requirements for password complexity that must be met.

• Macro Recorder is currently Unapproved status in VA Technical Reference Model.

Architectural Benefits

• This technology is portable as it runs on multiple TRM-authorized operating systems.