<Past |
Future> |
8.232.x |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
8.242.x |
Approved w/Constraints [2, 3, 4] |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
8.252.x |
Unapproved |
Approved w/Constraints [2, 3, 4] |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
8.262.x |
Unapproved |
Unapproved |
Approved w/Constraints [2, 3, 4] |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
8.265.x |
Unapproved |
Unapproved |
Unapproved |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
8.272.x |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 3, 4] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
8.275.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
8.282.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
8.292.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
8.302.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.312.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
8.303.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.322.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
8.332.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
8.342.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [1, 2, 4, 5] |
11.0.5.x |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
11.0.6.x |
Approved w/Constraints [2, 3, 4] |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
11.0.7.x |
Unapproved |
Approved w/Constraints [2, 3, 4] |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
11.0.8.x |
Unapproved |
Unapproved |
Approved w/Constraints [2, 3, 4] |
Divest [2, 3, 4] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
11.0.9.x |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 3, 4] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
11.0.10.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
11.0.11.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
11.0.12.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.13.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
11.0.14.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
11.0.15.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
11.0.16.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [1, 2, 4, 5] |
17.0.0.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.1.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
17.0.2.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
Unapproved |
17.0.3.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [2, 4, 5] |
Divest [2, 4, 5] |
Unapproved |
17.0.4.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [1, 2, 4, 5] |
Approved w/Constraints [1, 2, 4, 5] |
| | [1] | This Technology is currently being evaluated, reviewed, and tested in controlled environments. Use of this technology is strictly controlled and not available for use within the general population. | | [2] | Due to major security vulnerabilities associated with JDK, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition.
Note: It is the system owner`s responsibility to ensure proper licensing is obtained and in place for Java patches that are installed on machines they own. Care should be taken to test and minimize product interaction where this technology is used on the same machine with other vendor`s JDK implementations.
Security Engineering (SE) conducted a pre-assessment and security requirements verification of Amazon Corretto. It is advised that if this product is used within the VA the following constraints be applied:
1. If VA sensitive information is involved, ensure that the underlying infrastructure and application are configured to provide FIPS 140-2 encryption for web access supporting Amazon Corretto to provide the VA required FIPS 140-2 compliant cryptographic modules for encryption of data at rest and in transit.
2. Due to frequent changes to the lifecycle, system administrators must ensure that the supported version is being used.
3. VA already has an AWS Support Plan, it must be verified that Corretto is covered on the plan the VA currently has; otherwise, it is recommended that the VA purchase a plan to receive assistance with Corretto.
4. Corretto should be administered only by the Desktop and Device Engineering team with access to this product restricted and limited to privileges that are needed to perform specific duties. Also audit logs should be reviewed in accordance with VA Handbook 6500, Continuous Monitoring standards.
5. It is strongly recommended that these patches are prioritized, tested, and installed as soon as they become available. The product must remain patched and operated in accordance with Federal and Department security and privacy policies and guidelines. | | [3] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [4] | Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities. | | [5] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. |
|
Note: |
NOTE: SCCM, BigFix or similar scans may show extra digits in the version number such as 1.8.0.332 vs 8.332.x. This anomaly should be noted and considered when matching up approved versions. NOTE: 8.332.x and 11.0.15.x and 17.3.0.x should be released by Amazon around 4/15/2022. Due to major security vulnerabilities associated with this technology, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition. |