4.5.x |
Approved w/Constraints [1, 2, 3, 4] |
Approved w/Constraints [1, 2, 3, 4] |
Approved w/Constraints [1, 2, 3, 4] |
Approved w/Constraints [1, 2, 3, 4] |
Approved w/Constraints [2, 3, 5, 6] |
Approved w/Constraints [2, 3, 5, 6] |
Approved w/Constraints [2, 3, 5, 6] |
Approved w/Constraints [2, 5, 7, 8] |
Approved w/Constraints [5, 7, 9, 10] |
Approved w/Constraints [4, 7, 9, 11] |
Approved w/Constraints [4, 7, 9, 11] |
Divest [7, 9, 12] |
[1] Enterprise Security Solutions Services (ESSS) conducted a pre-assessment and security requirements verification of Entire Connection. It is advised that if this product is used within the Department of Veterans Affairs (VA) that the following constraints be applied:
- System owners should deploy FIPS compliant software to ensure VA sensitive data containing PII/PHI is protected with FIPS 140-2 validated technology.
- Users should use Attachmate, the VA approved emulation software, whenever possible. Entire Connection software should only be used when VA approved tools do not meet the necessary requirements, and the use of more specialized tools is warranted. A Risk Based Decision (RBD) must be submitted and approved through VA established channels.
- System owners should verify whether or not the product is still supported and updated by the vendor. If the product is end-of-life (EOL), it should not be used within VA. VA Handbook 6500 prohibits the use of commercial software/firmware and open source software from sources with limited or no warranty and without the provision of source code.

[2] In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance with VA Directive 6004, VA Directive 6517, and VA Directive 6513. The local ISO can advise on the ESCCB review process.

[3] Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500.

[4] Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities.

[5] Enterprise Security Solutions Services (ESSS) conducted a pre-assessment and security requirements verification of Entire Connection. It is advised that if this product is used within the Department of Veterans Affairs (VA) that the following constraints be applied:
- System owners must deploy Federal Information Processing Standard (FIPS) compliant software to ensure VA sensitive data containing PII/PHI is protected with FIPS 140-2 validated technology.
- Users must use Attachmate, the VA approved emulation software, whenever possible. Entire Connection software must only be used when VA approved tools do not meet the necessary requirements, and the use of more specialized tools is warranted. A Risk Based Decision (RBD) must be submitted and approved through VA established channels.
- System owners must verify whether or not the product is still supported and updated by the vendor. If the product is end-of-life (EOL), it must not be used within VA. VA Handbook 6500 prohibits the use of commercial software/firmware and open source software from sources with limited or no warranty and without the provision of source code.

[6] This technology should only be used when required by a Veterans Affairs (VA) business partner for an approved VA Project. Use of this technology must comply with ESCCB requirements which include: Signed Interconnection Agreements/Memorandum of Understanding agreements (MOU/ISA) with each external business partner, compliance with VA Handbook 6500, and must implement appropriate National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) requirements for all devices interacting with this technology. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500 and National Institute of Standards and Technology (NIST) standards. As of January 27th, 2017, Risk-based Decisions (RBD) will be handled per VAIQ # 7769667. In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance with VA Directive 6004, VA Directive 6517 and VA Directive 6513. The local ISO can advise on the ESCCB review process and ensure privacy of information compliance protections are in place.

[7] Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500.

[8] This technology should only be used when required by a Veterans Affairs (VA) business partner for an approved VA Project. Use of this technology must comply with ESCCB requirements which include: Signed Interconnection Agreements/Memorandum of Understanding agreements (MOU/ISA) with each external business partner, compliance with VA Handbook 6500, and must implement appropriate National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) requirements for all devices interacting with this technology. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500 and National Institute of Standards and Technology (NIST) standards. As of January 27th, 2017, Risk-based Decisions (RBD) will be handled per VAIQ # 7769667. In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance with VA Directive 6004, VA Directive 6517 and VA Directive 6513. The local ISO can advise on the ESCCB review process and ensure privacy of information compliance protections are in place.

[9] In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance with VA Directive 6004, VA Directive 6517, and VA Directive 6513. The local ISO can advise on the ESCCB review process.

[10] This technology should only be used when required by a Veterans Affairs (VA) business partner for an approved VA Project. Use of this technology must comply with ESCCB requirements which include: Signed Interconnection Agreements/Memorandum of Understanding agreements (MOU/ISA) with each external business partner, compliance with VA Handbook 6500, and must implement appropriate National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) requirements for all devices interacting with this technology. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500 and National Institute of Standards and Technology (NIST) standards. As of January 27th, 2017, Risk-based Decisions (RBD) will be handled per VAIQ # 7769667. In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance with VA Directive 6004, VA Directive 6517 and VA Directive 6513. The local ISO can advise on the ESCCB review process and ensure privacy of information compliance protections are in place.

[11]
- System owners must deploy Federal Information Processing Standard (FIPS) compliant software to ensure VA sensitive data containing PII/PHI is protected with FIPS 140-2 validated technology.
- Users must use Attachmate, the VA approved emulation software, whenever possible. Entire Connection software must only be used when VA approved tools do not meet the necessary requirements, and the use of more specialized tools is warranted. A Risk Based Decision (RBD) must be submitted and approved through VA established channels.
- System owners must verify whether or not the product is still supported and updated by the vendor. If the product is end-of-life (EOL), it must not be used within VA. VA Handbook 6500 prohibits the use of commercial software/firmware and open source software from sources with limited or no warranty and without the provision of source code.

[12] Users must use Attachmate, the VA approved emulation software, whenever possible. Entire Connection software must only be used when VA approved tools do not meet the necessary requirements, and the use of more specialized tools is warranted. The application was not selected to be part of the VA workstation baseline configuration and must not be used. Unauthorized applications must not be installed or used on the VA network unless a waiver, signed by the Deputy CIO of ASD and based upon a recommendation from the Strategic Technology Alignment Team (STAT), has been granted to the project team or organization that wishes to use the technology. System owners must verify whether or not the product is still supported and updated by the vendor. If the product is end-of-life (EOL), it must not be used within VA. VA Handbook 6500 prohibits the use of commercial software/firmware and open source software from sources with limited or no warranty and without the provision of source code.