5.x |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Authorized w/ Constraints [3, 8, 12, 13, 14] |
Approved w/Constraints [3, 8, 12, 13, 14] |
Approved w/Constraints [3, 8, 12, 13, 14] |
Approved w/Constraints [3, 8, 12, 13, 14] |
Authorized w/ Constraints [3, 8, 12, 13, 14] |
Authorized w/ Constraints [3, 8, 12, 13, 14] |
Authorized w/ Constraints [3, 8, 12, 13, 14] |
Authorized w/ Constraints [3, 8, 12, 13, 14] |
| [1] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. |
| [2] | Users must ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing WLAN devices are in place. |
| [3] | Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities. |
| [4] | Users must ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place. |
| [5] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. |
| [6] | Users must ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place.
Users must ensure that Microsoft .NET Framework is implemented with VA-authorized baselines.
The CenTrak solution should not process, store, or transmit VA sensitive information without employing a validated FIPS 140-2 cryptographic module. In addition, privacy impact assessments (PIA) should be conducted to ensure proper handling of information collected by the system.
CenTrak Connect Core must utilize the VA-authorized version of .NET Framework.
Ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place. |
| [7] | New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (contact VA e-mail: [OIT ITOPS SD Engagement Requests]) prior to implementation to ensure proper compliance to VA network design and usage requirements. |
| [8] | New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (yourIT Service Portal: [SNOW Service Requests]) prior to implementation to ensure proper compliance to VA network design and usage requirements. |
| [9] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. |
| [10] | Users must ensure that Microsoft .NET Framework, Google Chrome, and Adobe Acrobat are implemented with VA-authorized baselines. (Refer to the ‘Category’ tab under ‘Runtime Dependencies’)
Per the [Initial Product Review/Security Assessment Review], users must abide by the following constraints:
- The CenTrak solution should not process, store, or transmit VA sensitive information without employing a certified FIPS 140-2 cryptographic module. In addition, privacy impact assessments (PIA) should be conducted to ensure proper handling of information collected by the system.
- CenTrak Connect Core must utilize the VA authorized version of .NET Framework.
- Ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place. |
| [11] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with VA Handbook 6500. |
| [12] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with both VA Handbook 6500 and VA Directive 6500. |
| [13] | Users must ensure that Microsoft Edge and Google Chrome are implemented with VA-authorized baselines. (Refer to the ‘Category’ tab under ‘Runtime Dependencies’)
Users must not utilize the Secure Sockets Layer (SSL) protocol, as it requires a POA&M.
Per the Initial Product Review, users must abide by the following constraints:
- The CenTrak solution should not process, store, or transmit VA sensitive information without employing a certified FIPS 140-2 (or its successor) cryptographic module. In addition, privacy impact assessments (PIA) should be conducted to ensure proper handling of information collected by the system.
- CenTrak Connect Core must utilize the VA authorized version of .NET Framework.
- Ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place. |
| [14] | The Federal Information Processing Standards (FIPS) 140-2 certification status of this technology was not able to be verified. This technology will require a 3rd party FIPS 140-2 or 140-3 certified solution for any data containing PHI/PII or VA sensitive information, where applicable. More information regarding the Cryptographic Module Validation Program (CMVP) can be found on the NIST website. |
|