VA Technical Reference Model v 26.1

The following reference(s) are associated with this entry:

Note: This list may not be complete. No component, listed or unlisted, may be used outside of the technology in which it is released. The usage decision for a component is found in the Decision and Decision Constraints.

• This entry is available as an open source technology.

• Amazon Linux - Authorized w/ Constraints
• Red Hat Enterprise Linux (RHEL) - Authorized w/ Constraints

Runtime Dependencies:

• No runtime dependencies have been identified.

Optional Dependencies:

• Docker Desktop Pro / Team / Business - Authorized w/ Constraints
• Kubernetes - Authorized w/ Constraints

Comparable Technologies:

• No comparable entries have been identified.

Companion Technologies/Supported Standards:

• Comma-Separated Values (CSV) Format - Authorized
• Confluence - Authorized w/ Constraints
• Helm - Authorized w/ Constraints
• Internet Protocol (IP) - Authorized
• JavaScript - Authorized
• Python - Authorized w/ Constraints
• Virtualization and Consolidation of Servers (Server Virtualize First) - Authorized w/ Constraints

Adoption Benefits

• At the time of writing, no National Institute of Standards and Technology (NIST) vulnerabilities had been reported and no VA Cyber Security Operations Center (CSOC) bulletins had been issued for the latest versions of this technology.
• This technology has a comprehensive set of documentation.
• There are minimal other TRM-authorized technologies that provide the same functionality.
• The use of this technology may help improve the security posture of the organization.
• This technology is available at no cost through open-source licensing and supports VA's open-source initiative.

Adoption Risks

• As open-source software, this product may be left without clearly defined support options which may result in suboptimal enterprise level support.
• Due to the rapid release schedule of this technology, the VA may be unable to update to the most recent patch and may require a deployment model requiring the use of specific versions.
• The potential exists to store Personally Identifiable Information (PII), Protected Health Information (PHI) and/or VA Sensitive data and proper security standards must be followed in these cases.
• The user is responsible for ensuring strong passwords are utilized to avoid password cracking attacks.
• IPR/SAR Adoption Risk - There is no indication based on available vendor documentation that Hyperglance is Federal Information Processing Standards (FIPS) 140-2 (or its successor) certified.
• IPR/SAR Adoption Risk - Hyperglance is a software-based solution that can be deployed on virtual machines either on premise or in the cloud.
• IPR/SAR Adoption Risk - Hyperglance can be deployed as a containerized application on platforms like Kubernetes.
• IPR/SAR Adoption Risk - There is a risk of unauthorized access and/or insider threats without robust Identity and Access Management (IAM) solution to support this product.

Architectural Benefits

• This technology is compatible with virtual machines, therefore consistent with the enterprise Server Virtualize First Policy (VAIQ 7266972 08-27-2012).

Architectural Risks

• This technology is not portable as it runs only on Linux operating systems.
• This technology includes cloud-based functionality which has potential information security risks.