<Past |
Future> |
11.52 |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
12 |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
12.5 |
Approved w/Constraints [3, 4, 5] |
Approved w/Constraints [3, 4, 5] |
Approved w/Constraints [3, 6, 7] |
Approved w/Constraints [3, 6, 8] |
Approved w/Constraints [3, 6, 9] |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Divest [3, 9, 10] |
Divest [3, 9, 11] |
Divest [3, 9, 11] |
Divest [3, 9, 11] |
12.53 |
Unapproved |
Unapproved |
Approved w/Constraints [3, 6, 7] |
Approved w/Constraints [3, 6, 8] |
Approved w/Constraints [3, 6, 9] |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Divest [3, 9, 10] |
Divest [3, 9, 11] |
Divest [3, 9, 11] |
Divest [3, 9, 11] |
12.55 |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Divest [3, 9, 11] |
Divest [3, 9, 11] |
Divest [3, 9, 11] |
12.56 |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Approved w/Constraints [3, 9, 10] |
Divest [3, 9, 11] |
Divest [3, 9, 11] |
Divest [3, 9, 11] |
12.6 |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [3, 9, 11] |
Approved w/Constraints [3, 9, 11] |
Approved w/Constraints [3, 9, 11] |
2020 |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
2021 |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
2022 |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
| | [1] | The use of this technology is limited for deployment to appropriate Veterans Affairs (VA) approved testing laboratory environments. Performance testing must be done with coordination of test lab system administrators to ensure that performance in the test lab does not adversely affect other services in and out of the test lab`s local environment. | | [2] | Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities. | | [3] | Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISO can provide assistance in reviewing the NIST vulnerabilities. | | [4] | If free trialware is utilized, the software must be purchased or removed at the end of the trial period.
The Initial Product Review notes that:
The software must not be used within the VA production network.
Only test data should be used with this software to test and develop systems that have not undergone Security Assessment and Authorization (A&A).
Applications developed in HPE LoadRunner must follow safe coding practices in order to prevent the introduction of vulnerabilities in the VA Enterprise environment. The required safe coding controls for VA are available in the VA Handbook 6500, Appendix F `System and Information Integrity`.
Because of known vulnerabilities in earlier versions, only version 12.50 should be installed and older versions should be updated. | | [5] | Due to potential information security risks, cloud based versions of this product are not permitted without a waiver signed by the Deputy CIO of ASD based upon a recommendation from the Architecture and Engineering Review Board (AERB). In addition, cloud based features of this software may not be used without an Enterprise Security Change Control Board (ESCCB) approval to ensure that confidential organization and/or PII/PHI data are not compromised (ref: VA Directive 6004, VA Directive 6517 and VA Directive 6513). Use of public cloud storage requires documented Federal Risk and Authorization Management Program (FedRAMP) compliance and a Memorandum of Understanding / Interconnection Security Agreement (MOU/ISA) between the vendor and VA prior to ESCCB review. | | [6] | If free trialware is utilized, the software must be purchased or removed at the end of the trial period.
This product is not intended to run in a production environment and must be used in test environments that are isolated from impacting production operations. | | [7] | Due to potential information security risks, cloud based technologies may not be used without an Enterprise Security Change Control Board (ESCCB) approval. This body is in part responsible for ensuring organizational information, Personally Identifiable Information (PII), Protected Health Information (PHI), and VA sensitive data are not compromised. (Ref: VA Directive 6004, VA Directive 6517, VA Directive 6513 and VA Directive 6102). | | [8] | Due to potential information security risks, cloud based technologies may not be used without the approval of the VA Enterprise Cloud Services (ECS) Group. This body is in part responsible for ensuring organizational information, Personally Identifiable Information (PII), Protected Health Information (PHI), and VA sensitive data are not compromised. (Ref: VA Directive 6004, VA Directive 6517, VA Directive 6513 and VA Directive 6102). | | [9] | Due to potential information security risks, cloud based technologies may not be used without the approval of the Enterprise Cloud Solution Office (ECSO). This body is in part responsible for ensuring organizational information, Personally Identifiable Information (PII), Protected Health Information (PHI), and VA sensitive data are not compromised. (Ref: VA Directive 6004, VA Directive 6517, VA Directive 6513 and VA Directive 6102). | | [10] | If free trialware is utilized, the software must be purchased or removed at the end of the trial period.
This technology must not be used in conjunction with File Transfer Protocol.
Per the Initial Product Review, users must abide by the following constraints:
The software must not be used within the VA production network.
Only test data should be used with this software to test and develop systems that have not undergone Security Assessment and Authorization (A&A).
Applications developed in HPE LoadRunner must follow safe coding practices in order to prevent the introduction of vulnerabilities in the VA Enterprise environment. The required safe coding controls for VA are available in the VA Handbook 6500, Appendix F `System and Information Integrity`. | | [11] | If free trialware is utilized, the software must be purchased or removed at the end of the trial period.
This technology must not be used in conjunction with File Transfer Protocol.
Per the Initial Product Review, users must abide by the following constraints:
The software must not be used within the VA production network.
Only test data should be used with this software to test and develop systems that have not undergone Security Assessment and Authorization (A&A).
Applications developed in HPE LoadRunner must follow safe coding practices in order to prevent the introduction of vulnerabilities in the VA Enterprise environment. The required safe coding controls for VA are available in the VA Handbook 6500, Appendix F `System and Information Integrity`. |
|
Note: |
At the time of writing, version 2022 is the most current version. |