| Version | <Past | | | | | | | | | | | Future> |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0.4.0 | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] |
| 0.5.0 | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] |
| 0.6.1.2 | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] |
| 0.8.x | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] |
| 0.9.x | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] |
| 1.3.x | Authorized w/ Constraints [3, 8, 9, 10, 11] | Authorized w/ Constraints [3, 8, 9, 10, 11] | Authorized w/ Constraints (DIVEST) [3, 8, 9, 11, 12] | Authorized w/ Constraints (DIVEST) [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[b] [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[b] [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[b] [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[b] [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] |
| 2.0.x | Authorized w/ Constraints [3, 8, 9, 10, 11] | Authorized w/ Constraints [3, 8, 9, 10, 11] | Authorized w/ Constraints (DIVEST) [3, 8, 9, 11, 12] | Authorized w/ Constraints (DIVEST) [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[b] [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[b] [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[b] [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[b] [3, 8, 9, 11, 12] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] | Unauthorized, Conditions Required[a] |
| 2.1.x | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints (POA&M) | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] | Authorized w/ Constraints [3, 8, 9, 11, 12] |
Note: At the time of writing, version 2.1.0 is the most current version, released 01/08/2025.
[3] Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities.

[8] Users should check with their supervisor, Information System Security Officer (ISSO) or local OIT representative for permission to download and use this software. Downloaded software must always be scanned for viruses prior to installation to prevent adware or malware. Freeware may only be downloaded directly from the primary site that the creator of the software has advertised for public download and user or development community engagement. Users should note that any attempt by the installation process to install any additional, unrelated software is not authorized, and the user should take the proper steps to decline those installations.

[9] Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with both VA Handbook 6500 and VA Directive 6500.

[10] Per the Initial Product Review, users must abide by the following constraints:
- EZ Tools Suite will require a 3rd party FIPS 140-2 certified solution for any data containing Protected Health Information (PHI)/Personally Identifiable Information (PII) or VA sensitive information.
- The use of EZ Tools must be limited only to Cyber Security Operations Center (CSOC) staff and shall be listed in the software baseline of the EnCase Endpoint Investigator (EEI) ATO boundary.
- System administrators must ensure that the latest authorized version of Microsoft .NET Framework is used with EZ Tools that integrates with .NET Framework. Version 6.x is listed as Unapproved on the VA Technical Reference Model (TRM).
- The VA requires support for all software used on the VA network. Vendor or third-party support at an enterprise level is not free and must be acquired for any open-source product to be deployed on the VA network. Support for the EZ Tools can be provided through Eric Zimmerman.
- The use of EZ Tools should be limited only to experienced system information security staff performing tasks related to digital forensics investigations, incident response, and Advanced Persistent Threat (APT) detection.
- Due to the rapid releases and updates of these tools, the VA should closely monitor the vendor’s website for critical updates and new releases.

[11] The Federal Information Processing Standards (FIPS) 140-2 certification status of this technology was not able to be verified. This technology will require a 3rd party FIPS 140-2 or 140-3 certified solution for any data containing PHI/PII or VA sensitive information, where applicable. More information regarding the Cryptographic Module Validation Program (CMVP) can be found on the NIST website.

[12] Per the Initial Product Review, users must abide by the following constraints:
- The product is not Federal Information Processing Standards (FIPS) 140-2 (or its successor) certified. EZ Tools Suite will require a 3rd party FIPS 140-2 certified solution for any data containing Protected Health Information (PHI)/Personally Identifiable Information (PII) or VA sensitive information.
- EZ Tools are command line tools designed for Digital Forensics and Incident Response (DFIR). The product is freely available to users, which could result in unauthorized usage of these tools. Additionally, the WxTCmd component is turned on by default and requires one to explicitly disable the functionality if the user does not wish to have their actions recorded. If the activity history is enabled, it may include such details as which file was viewed or edited, which website was visited, and the times at which all this occurred. The use of EZ Tools must be limited only to Cyber Security Operations Center (CSOC) staff and shall be listed in the software baseline of the EnCase Endpoint Investigator (EEI) ATO boundary.
- Per the developer, the software requires at least Microsoft .NET 4.6.2 or later. Errors can occur using the applications without at least 4.6.2. The developer also noted to make sure users get the Desktop runtime if end users are planning on using any of the GUI programs. System administrators must ensure that the latest authorized version of Microsoft .NET Framework is used with EZ Tools that integrates with .NET Framework. Version 6.x is listed as Unapproved on the VA Technical Reference Model (TRM).
- EZ Tools is an open-source tool suite that does not come with enterprise-level support. The VA requires support for all software used on the VA network. Vendor or third-party support at an enterprise level is not free and must be acquired for any open-source product to be deployed on the VA network. Support for the EZ Tools can be provided through Eric Zimmerman.
- The digital forensic tools used for intrusion investigations have the capability to show a chronology of actions taken by the user. This allows incident responders to find specific past events from the items previously worked on, because it keeps a history of the most recent tasks up to 30 days prior. Activity collection can result in exposure of highly detailed data stored on Windows computers, including web page activities or caches. The use of EZ Tools should be limited only to experienced system information security staff performing tasks related to digital forensics investigations, incident response, and Advanced Persistent Threat (APT) detection.
- These tools undergo frequent version changes and vendor updates. Due to the rapid releases and updates of these tools, the VA should closely monitor the vendor’s website for critical updates and new releases.