15.x |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
Approved w/Constraints [12, 15, 17, 18, 19, 20] |
| | [1] | Due to multiple NIST and NSOC security vulnerabilities, extra vigilance should be applied to ensure the product remains properly patched to mitigate known and future vulnerabilities. Product must be operated in accordance with Federal and Department security and privacy policies and guidelines. | | [2] | Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISO can provide assistance in reviewing the NIST vulnerabilities. | | [3] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [4] | In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance VA Directive 6004 , VA Directive 6517, and VA Directive 6513. The local ISO can advise on the ESCCB review process. | | [5] | Configuration and deployment standards for Cisco Unified Communications Manager (UCM) images and their host Server images are defined and maintained by the Core Systems Engineering organization within VA Enterprise Systems Engineering (ESE) and must be followed and adhered to unless an appropriate waiver is granted. Detailed information can be found at the following location: https://vaww.sde.portal.va.gov/svcs/sma/BCM/SitePages/Home.aspx
New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a Systems Engineering Design Review (SEDR) (contact VA e-mail: VA IT ESE SEDR SEG) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [6] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [7] | In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance VA Directive 6004 , VA Directive 6517, and VA Directive 6513. The local ISO can advise on the ESCCB review process. | | [8] | Configuration and deployment standards for Cisco Unified Communications Manager (UCM) images and their host Server images are defined and maintained by the Core Systems Engineering organization within Veterans Affairs (VA) Enterprise Systems Engineering (ESE) and must be followed and adhered to unless an appropriate waiver is granted. Detailed information can be found at the following location: https://vaww.sde.portal.va.gov/svcs/sma/BCM/SitePages/Home.aspx
New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (contact VA e-mail: OIT ITOPS SD Engagement Requests) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [9] | Configuration and specific standards for Cisco Unified Communications Manager (UCM) images and their host server images are defined and maintained by ITOPS Solution Delivery (SD). Operational deployment of UCM systems must be coordinated with ITOPS IO Unified Communications Infrastructure Support and unless an appropriate waiver approved by SD is granted. Detailed information can be found at the following location: https://vaww.vashare.oit.va.gov/sites/itops/svcs/sma/BCM/Pages/BCM.aspx
New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (contact VA e-mail: OIT ITOPS SD Engagement Requests) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [10] | Configuration and specific standards for Cisco Unified Communications Manager (UCM) images and their host server images are defined and maintained by ITOPS Solution Delivery (SD). Operational deployment of UCM systems must be coordinated with ITOPS IO Unified Communications Infrastructure Support and unless an appropriate waiver approved by SD is granted. Detailed information can be found at the following location: https://vaww.vashare.oit.va.gov/sites/itops/svcs/sma/BCM/Pages/BCM.aspx | | [11] | New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (contact VA e-mail: [OIT ITOPS SD Engagement Requests]) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [12] | New installations or major expansions of this technology that transmit data over the VA Wide Area Network (WAN) must complete a WAN impact review (yourIT Service Portal:[SNOW Service Requests]) prior to implementation to ensure proper compliance to VA network design and usage requirements. | | [13] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [14] | In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance VA Directive 6004 , VA Directive 6517, and VA Directive 6513. The local ISO can advise on the ESCCB review process. | | [15] | Configuration and specific standards for Cisco Unified Communications Manager (UCM) images and their host server images are defined and maintained by ITOPS Solution Delivery (SD). Operational deployment of UCM systems must be coordinated with ITOPS IO Unified Communications Infrastructure Support and unless an appropriate waiver approved by SD is granted. Detailed information can be found at the following location: https://vaww.vashare.oit.va.gov/sites/itops/svcs/sma/BCM/Pages/BCM.aspx
Users must not utilize the Cisco TelePresence Management Suite (TMS) technology, as it is unapproved for use on the TRM. . | | [16] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with VA Handbook 6500. | | [17] | Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISSO (Information System Security Officer) can provide assistance in reviewing the NIST vulnerabilities. | | [18] | In cases where the technology is used for external connections, a full Enterprise Security Change Control Board (ESCCB) review is required in accordance VA Directive 6004 , VA Directive 6517, and VA Directive 6513. The local ISSO (Information System Security Officer) can advise on the ESCCB review process. | | [19] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with both VA Handbook 6500 and VA Directive 6500. | | [20] | The Federal Information Processing standards (FIPS) 140-2 certification status of this technology was not able to be verified. This technology will require a 3rd party FIPS 140-2 or 140-3 certified solution for any data containing PHI/PII or VA sensitive information, where applicable. More information regarding the Cryptographic Module Validation Program (CMVP) can be found on the NIST website. |
|