8.5.x |
Unapproved |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
Approved w/Constraints [9, 10, 11, 12, 13] |
| | [1] | This technology includes functionality requiring Quicktime. Windows users may be limited as Quicktime is prohibited for use in the TRM on Windows platforms.
New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a Systems Engineering Design Review (SEDR) (contact VA e-mail: VA IT ESE SEDR SEG) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [2] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [3] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [4] | This technology includes functionality requiring Quicktime. Windows users must not leverage Quicktime as it is prohibited for use in the TRM on Windows platforms.
New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (contact VA e-mail: OIT ITOPS SD Engagement Requests) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [5] | This technology includes functionality that requires QuickTime. Windows users must not leverage QuickTime as it is prohibited for use in the TRM on Windows platforms.
Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500.This technology includes functionality requiring Quicktime. Windows users must not leverage Quicktime as it is prohibited for use in the TRM on Windows platforms. | | [6] | New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (contact VA e-mail: [OIT ITOPS SD Engagement Requests]) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [7] | Security Engineering (SE) conducted a pre-assessment and security requirements verification of Hiperwall. It is advised that if this product is used within the VA that the following constraints be applied:
The underlying infrastructure must provide the FIPS 140-2 encryption for data at rest or in transit.
Hiperwall must only use TRM approved codec packs within the VA.
This technology cannot be used until a Secure Configuration Baseline is developed. In order to reduce costs, risk and overhead in many areas including: training, patching, configuration standards, and documentation, VA has standardized the types and configurations of the platforms/technologies it uses and maintains baselines for in its internal operating environment. | | [8] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [9] | Per the Initial Product Review, users must abide by the following constraints:
- The underlying infrastructure must provide the FIPS 140-2 certified encryption for data at rest or in transit where applicable.
- This technology should not be used without a Secure Configuration Baseline or Implementation Standard. In order to reduce costs, risk and overhead in many areas including: training, patching, configuration standards, and documentation, VA has standardized the types and configurations of the platforms/technologies it uses and maintains baselines for in its internal operating environment. If it is determined that Hiperwall is an enterprise product the Baseline Configuration Management team will need to create an Enterprise Secure Configuration Baseline or Implementation Standard. If the product is determined to be a one-off implementation, Hiperwall will need the same, but it will be the system owner’s responsibility to develop a system level baseline.
Without a published DISA STIG or NIST validated checklist, creating a baseline requires substantial effort and significant time and cost. The project team will require written vendor commitment for assistance and continued vendor support and a VA Subject Matter Expert (SME) point of contact with a signed Baseline ownership Memorandum of Understanding (MOU). To begin exploring baseline/standard creation, the project team requesting to use this technology must submit a Solution Delivery, Baseline and Configuration Management (BCM) SNOW request via the following link: https://yourit.va.gov/va?id=sc_cat_item&sys_id=4894aef0dbedc0949b1534cc7c961902
| | [10] | Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities. | | [11] | The Federal Information Processing standards (FIPS) 140-2 certification status of this technology was not able to be verified. This technology will require a 3rd party FIPS 140-2 or 140-3 certified solution for any data containing PHI/PII or VA sensitive information, where applicable. More information regarding the Cryptographic Module Validation Program (CMVP) can be found on the NIST website. | | [12] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with both VA Handbook 6500 and VA Directive 6500. | | [13] | New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (yourIT Service Portal:[SNOW Service Requests]) prior to implementation to ensure proper compliance to VA network design and usage requirements. |
|