Attention A T users. To access the menus on this page please perform the following steps. 1. Please switch auto forms mode to off. 2. Hit enter to expand a main menu option (Health, Benefits, etc). 3. To enter and activate the submenu links, hit the down arrow. You will now be able to tab or arrow up or down through the submenu options to access/activate the submenu links.

VA Technical Reference Model v 24.11

WS-SecurityPolicy
WS-SecurityPolicy Standard or Specification

General Information

Technologies must be operated and maintained in accordance with Federal and Department security and privacy policies and guidelines. More information on the proper use of the TRM can be found on the TRM Proper Use Tab/Section.

Website: Go to site
Description: Web Service SecurityPolicy (WS-SecurityPolicy) is a web services specification, created by International Business Machines (IBM) and 12 co-authors, that has become an Organization for the Advancement of Structured Information Standards (OASIS) standard as of version 1.2. It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-SecureConversation by offering mechanisms to represent the capabilities and requirements of web services as policies. Security policy assertions are based on the WS-Policy framework.

The primary goal of this specification is to define an initial set of patterns or sets of assertions that represent common ways to describe how messages are secured on a communication path. The intent is to allow flexibility in terms of the tokens, cryptography, and mechanisms used, including leveraging transport security, but to be specific enough to ensure interoperability based on assertion matching.
Technology/Standard Usage Requirements: Users must ensure their use of this technology/standard is consistent with VA policies and standards, including, but not limited to, VA Handbooks 6102 and 6500; VA Directives 6004, 6513, and 6517; and National Institute of Standards and Technology (NIST) standards, including Federal Information Processing Standards (FIPS). Users must ensure sensitive data is properly protected in compliance with all VA regulations. Prior to use of this technology, users should check with their supervisor, Information Security Officer (ISO), Facility Chief Information Officer (CIO), or local Office of Information and Technology (OI&T) representative to ensure that all actions are consistent with current VA policies and procedures prior to implementation.
Section 508 Information:
Decision: View Decisions

Decision Source: TRM Mgmt Group
Decision Process: One-VA TRM v24.1
Decision Date: 01/25/2024 at 01:35:17 UTC
Introduced By: TRM Request
Standards Body: OASIS
- The information contained on this page is accurate as of the Decision Date (01/25/2024 at 01:35:17 UTC).