| 5.x | Unapproved | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] | Approved w/Constraints [3, 7, 8, 9] |
[1] If FIPS 140-2 at the application level is not possible technically, FIPS 140-2 compliant full disk encryption (FDE) must be implemented on the hard drive where FireDaemon is installed.
Ensure that the application is configured to leverage the authentication mechanism approved by VA.

[2] Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500.

[3] Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities.

[4] Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500.

[5] Users must Divest the use of Internet Explorer with this technology. Other approved internet browsers are available. See Category Tab for details.
Users must ensure that Google Chrome, Microsoft Internet Explorer (IE), and Firefox are implemented with VA-approved baselines (refer to the ‘Category’ tab under ‘Runtime Dependencies’).
Per the Initial Product Review, users must abide by the following constraints:
- If FIPS 140-2 at the application level is not possible, FIPS 140-2 certified full disk encryption (FDE) must be implemented on the hard drive where FireDaemon is installed, where applicable.
- System Owners/Administrators should ensure that the application is configured to leverage the authentication mechanisms approved by the Department of Veterans Affairs.
- The product's password protection must be configurable to meet VA standards for complexity, as defined in VA Handbook 6500 (IA-5). Ensure that all VA password requirements are met with regard to length and complexity. VA Knowledge Service Control IA-5: Authenticator Management requires a case-sensitive 14-character password comprised of upper-case letters, lower-case letters, numbers and special characters, including at least one of each category. VA defines and enforces that at least 50% of the characters in the password must be changed when new passwords are created.
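A check for the IA-5 password rules quoted in the last bullet, added here as an illustration (not VA's or FireDaemon's own code). Assumptions: "special character" means any ASCII punctuation character, and the "50% of characters changed" rule is evaluated position by position against the previous password.

```python
"""Validate a candidate password against the IA-5 rules quoted above.
Assumptions (not from the TRM note): 'special' = ASCII punctuation, and the
50%-changed rule compares the new password to the old one position by position."""
import string

MIN_LENGTH = 14
MIN_CHANGED_FRACTION = 0.5
SPECIAL = set(string.punctuation)


def missing_categories(password: str) -> list[str]:
    """Return the names of the required character categories that are absent."""
    checks = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in SPECIAL for c in password),
    }
    return [name for name, present in checks.items() if not present]


def changed_fraction(new: str, old: str) -> float:
    """Fraction of the new password's positions whose character differs from the
    old password at the same index; positions beyond the old length count as changed."""
    if not new:
        return 0.0
    changed = sum(1 for i, c in enumerate(new) if i >= len(old) or old[i] != c)
    return changed / len(new)


def check_password(new: str, old: str = "") -> list[str]:
    """Return the list of policy violations; an empty list means the password complies."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"length {len(new)} < {MIN_LENGTH}")
    for name in missing_categories(new):
        problems.append(f"no {name} character")
    if old and changed_fraction(new, old) < MIN_CHANGED_FRACTION:
        problems.append("fewer than 50% of characters changed from previous password")
    return problems
```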
[6] Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with VA Handbook 6500.

[7] Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with both VA Handbook 6500 and VA Directive 6500.

[8] Users must utilize approved internet browsers, as Microsoft Internet Explorer has reached End of Life status. See Category Tab for details.
Users must not utilize the Tool Command Language Development Kit (TDK), as it is unapproved for use on the TRM.
Users must ensure that Google Chrome, Microsoft Edge, and Firefox are implemented with VA-approved baselines (refer to the ‘Category’ tab under ‘Runtime Dependencies’).
Per the Security Assessment Review, users must abide by the following constraints:
- A vulnerability exists because FireDaemon Pro is not FIPS 140-2 (or its successor) certified. To mitigate, FireDaemon Pro will require a third-party FIPS 140-2 (or its successor) certified solution for any data containing PHI/PII or VA sensitive information.
- A vulnerability exists because FireDaemon Pro includes an automatic Check for Updates that is enabled by default. Under the General Options tab of the application there is a check box labelled “Check for Updates”. This box is checked by default after installation. To mitigate, System Owners/Administrators need to uncheck the Check for Updates option.
- A vulnerability exists because FireDaemon Pro installs one .exe file without a digital signature. This prevents verification of the control's publisher and assurance that it has not been tampered with since being published. To mitigate, an administrator shall monitor the .exe and .dll files used by the application with a file integrity checker to ensure no unauthorized changes occur.
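The file integrity check called for in the last bullet, as an added example (not FireDaemon's or VA's own tooling): it baselines the SHA-256 of every .exe and .dll under an install directory and later reports files that were added, removed or changed. The install directory and baseline location are the administrator's choice; demo() uses a constructed temporary tree in place of a real FireDaemon install.

```python
"""Hash-based integrity check for an application's .exe/.dll files (added example,
not FireDaemon's or VA's own tooling). Assumption: the install directory and the
baseline file location are chosen by the administrator; demo() uses a constructed
temporary tree rather than a real FireDaemon install."""
import hashlib
import json
import tempfile
from pathlib import Path

MONITORED_SUFFIXES = {".exe", ".dll"}

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(install_dir: Path) -> dict[str, str]:
    """Map each monitored file (path relative to install_dir) to its SHA-256."""
    return {p.relative_to(install_dir).as_posix(): sha256_of(p)
            for p in sorted(install_dir.rglob("*"))
            if p.is_file() and p.suffix.lower() in MONITORED_SUFFIXES}

def save_baseline(install_dir: Path, baseline_file: Path) -> None:
    baseline_file.write_text(json.dumps(snapshot(install_dir), indent=2))

def verify(install_dir: Path, baseline_file: Path) -> dict[str, list[str]]:
    """Compare the current tree with the baseline; any non-empty list is a finding."""
    expected = json.loads(baseline_file.read_text())
    current = snapshot(install_dir)
    return {"added": sorted(set(current) - set(expected)),
            "removed": sorted(set(expected) - set(current)),
            "changed": sorted(k for k in current.keys() & expected.keys()
                              if current[k] != expected[k])}

def demo() -> dict[str, list[str]]:
    """Constructed sample: baseline a fake install tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "FireDaemon.exe").write_bytes(b"original binary")       # constructed
        (root / "lib").mkdir()
        (root / "lib" / "helper.dll").write_bytes(b"original library")  # constructed
        baseline = root / "baseline.json"      # .json is not a monitored suffix
        save_baseline(root, baseline)
        (root / "FireDaemon.exe").write_bytes(b"modified binary")       # tampered
        (root / "lib" / "extra.dll").write_bytes(b"unexpected file")    # added
        return verify(root, baseline)
```

Run save_baseline() once on a known-good install and schedule verify() afterwards; a non-empty "changed" or "added" list on a file the administrator did not deploy is the event to investigate.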
[9] The Federal Information Processing Standards (FIPS) 140-2 certification status of this technology was not able to be verified. This technology will require a third-party FIPS 140-2 or 140-3 certified solution for any data containing PHI/PII or VA sensitive information, where applicable. More information regarding the Cryptographic Module Validation Program (CMVP) can be found on the NIST website.