<Past |
Future> |
3.5.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
3.6.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
3.7.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
Prohibited |
3.8.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 3, 4] |
Approved w/Constraints [1, 2, 3, 4] |
Divest [1, 3, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
3.9.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 3, 4] |
Approved w/Constraints [1, 2, 3, 4] |
Divest [1, 3, 4, 5] |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
4.0.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Divest [1, 3, 4, 5] |
Divest [1, 3, 4, 6] |
Divest [1, 3, 4, 6] |
Unapproved |
Unapproved |
4.1.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Divest [1, 3, 4, 5] |
Divest [1, 3, 4, 6] |
Divest [1, 3, 4, 6] |
Unapproved |
Unapproved |
4.2.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 2, 3, 4] |
Approved w/Constraints [1, 3, 4, 5] |
Approved w/Constraints [1, 3, 4, 6] |
Divest [1, 3, 4, 6] |
Divest [1, 3, 4, 6] |
Divest [3, 4, 6, 7] |
4.3.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 3, 4, 5] |
Approved w/Constraints [1, 3, 4, 6] |
Divest [1, 3, 4, 6] |
Divest [1, 3, 4, 6] |
Divest [3, 4, 6, 7] |
4.4.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 3, 4, 6] |
Approved w/Constraints [1, 3, 4, 6] |
Approved w/Constraints [3, 4, 6, 7] |
4.5.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [1, 3, 4, 6] |
Approved w/Constraints [1, 3, 4, 6] |
Approved w/Constraints [3, 4, 6, 7] |
4.6.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [3, 4, 6, 7] |
4.8.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
4.9.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.0.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.1.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.2.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.3.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.4.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.6.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.8.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.9.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.10.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
5.11.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
6.0.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
6.1.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
6.2.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
| | [1] | No synchronization or storage of VA data is permitted outside the Department via the Creative Cloud synchronization and storage options.
If free trialware is utilized, the software must be purchased or removed at the end of the trial period.
Versions before 3.8.x must not be used as four Common Vulnerabilities and Exposures (CVEs) ranking from a severity of high to critical have been reported this past year and are related to local users gaining privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory and remote attackers ability to read or write to arbitrary files via the JavaScript application programming interface (API)`s sync process. | | [2] | Due to potential information security risks, cloud based technologies may not be used without an Enterprise Security Change Control Board (ESCCB) approval. This body is in part responsible for ensuring organizational information, Personally Identifiable Information (PII), Protected Health Information (PHI), and VA sensitive data are not compromised. (Ref: VA Directive 6004, VA Directive 6517, VA Directive 6513 and VA Directive 6102). | | [3] | Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISO can provide assistance in reviewing the NIST vulnerabilities. | | [4] | Users should check with their supervisor, Information Security Office (ISO) or local OIT representative for permission to download and use this software. Downloaded software must always be scanned for viruses prior to installation to prevent adware or malware. Freeware may only be downloaded directly from the primary site that the creator of the software has advertised for public download and user or development community engagement. Users should note, any attempt by the installation process to install any additional, unrelated software is not approved and the user should take the proper steps to decline those installations. | | [5] | Due to potential information security risks, cloud based technologies may not be used without the approval of the VA Enterprise Cloud Services (ECS) Group. This body is in part responsible for ensuring organizational information, Personally Identifiable Information (PII), Protected Health Information (PHI), and VA sensitive data are not compromised. (Ref: VA Directive 6004, VA Directive 6517, VA Directive 6513 and VA Directive 6102). | | [6] | Due to potential information security risks, cloud based technologies may not be used without the approval of the Enterprise Cloud Solution Office (ECSO). This body is in part responsible for ensuring organizational information, Personally Identifiable Information (PII), Protected Health Information (PHI), and VA sensitive data are not compromised. (Ref: VA Directive 6004, VA Directive 6517, VA Directive 6513 and VA Directive 6102). | | [7] | No synchronization or storage of VA data is permitted outside the Department via the Creative Cloud synchronization and storage options.
If free trialware is utilized, the software must be purchased or removed at the end of the trial period.
Versions before 3.8.x must not be used as four Common Vulnerabilities and Exposures (CVEs) ranking from a severity of high to critical have been reported this past year and are related to local users gaining privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory and remote attackers ability to read or write to arbitrary files via the JavaScript application programming interface (API)`s sync process. |
|
Note: |
At the time of writing, version 6.2.0.554.2 is the most current version, released 05/15/2024.
A standard configuration of this technology was developed by the DDE team. At the time of writing, the standard version is 6.0.0.571.1, and version 6.2.0.554 is under testing and development for six weeks from 04/30/2024. |