5.x |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
Approved w/Constraints [3, 8, 10, 12] |
| | [1] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [2] | Users must ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing WLAN devices are in place. | | [3] | Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities. | | [4] | Users must ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place. | | [5] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [6] | Users must ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place.
Users must ensure that Microsoft .NET Framework is implemented with VA-approved baselines.
The CenTrak solution should not process, store, or transmit VA sensitive information without employing a validated FIPS 140-2 cryptographic module. In addition, privacy impact assessments (PIA) should be conducted to ensure proper handling of information collected by the system.
CenTrak Connect Core must utilize the VA-approved version of .NET Framework.
Ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place. | | [7] | New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (contact VA e-mail: [OIT ITOPS SD Engagement Requests]) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [8] | New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (yourIT Service Portal:[SNOW Service Requests]) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [9] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [10] | Users must ensure that Microsoft .NET Framework, Google Chrome, and Adobe Acrobat are implemented with VA-approved baselines. (Refer to the ‘Category’ tab under ‘Runtime Dependencies’)
Per the [Initial Product Review/Security Assessment Review], users must abide by the following constraints:
- The CenTrak solution should not process, store, or transmit VA sensitive information without employing a certified FIPS 140-2 cryptographic module. In addition, privacy impact assessments (PIA) should be conducted to ensure proper handling of information collected by the system.
- CenTrak Connect Core must utilize the VA approved version of .NET Framework.
- Ensure applicable VA wireless infrastructure standards and minimum baseline configuration for securing Wireless Local Area Network (WLAN) devices are in place.
| | [11] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with VA Handbook 6500. | | [12] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with both VA Handbook 6500 and VA Directive 6500. |
|