<Past |
Future> |
8.232.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.242.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.252.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.262.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.265.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.272.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.275.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.282.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.292.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.302.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.312.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.303.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.322.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.332.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.342.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.352.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.362.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.363.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.372.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.382.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.392.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
8.412.x |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
11.0.5.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.6.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.7.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.8.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.9.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.10.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.11.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.12.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.13.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.14.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.15.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.16.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.17.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.18.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.19.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.20.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.21.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.22.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
11.0.23.x |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
17.0.0.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.1.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.2.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.3.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.4.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.5.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.6.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.7.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.8.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.9.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.10.x |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
17.0.11.x |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
19.0.x (non-LTS) |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
20.0.x (non-LTS) |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
21.x |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
Approved w/Constraints [4, 8, 10, 11, 12] |
| | [1] | This Technology is currently being evaluated, reviewed, and tested in controlled environments. Use of this technology is strictly controlled and not available for use within the general population. | | [2] | Due to major security vulnerabilities associated with JDK, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition.
Note: It is the system owner`s responsibility to ensure proper licensing is obtained and in place for Java patches that are installed on machines they own. Care should be taken to test and minimize product interaction where this technology is used on the same machine with other vendor`s JDK implementations.
Security Engineering (SE) conducted a pre-assessment and security requirements verification of Amazon Corretto. It is advised that if this product is used within the VA the following constraints be applied:
1. If VA sensitive information is involved, ensure that the underlying infrastructure and application are configured to provide FIPS 140-2 encryption for web access supporting Amazon Corretto to provide the VA required FIPS 140-2 compliant cryptographic modules for encryption of data at rest and in transit.
2. Due to frequent changes to the lifecycle, system administrators must ensure that the supported version is being used.
3. VA already has an AWS Support Plan, it must be verified that Corretto is covered on the plan the VA currently has; otherwise, it is recommended that the VA purchase a plan to receive assistance with Corretto.
4. Corretto should be administered only by the Desktop and Device Engineering team with access to this product restricted and limited to privileges that are needed to perform specific duties. Also audit logs should be reviewed in accordance with VA Handbook 6500, Continuous Monitoring standards.
5. It is strongly recommended that these patches are prioritized, tested, and installed as soon as they become available. The product must remain patched and operated in accordance with Federal and Department security and privacy policies and guidelines. | | [3] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [4] | Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities. | | [5] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [6] | Due to major security vulnerabilities associated with JDK, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition.
Note: It is the system owner`s responsibility to ensure proper licensing is obtained and in place for Java patches that are installed on machines they own. Care should be taken to test and minimize product interaction where this technology is used on the same machine with other vendor`s JDK implementations.
Security Engineering (SE) conducted a pre-assessment and security requirements verification of Amazon Corretto. It is advised that if this product is used within the VA the following constraints be applied:
1.Amazon Corretto will require a 3rd party FIPS 140-2 certified solution for any
data containing PHI/PII or VA sensitive information.
2. VA already has an AWS Support Plan, it must be verified that Corretto is
covered on the plan the VA currently has; otherwise, it is recommended that
the VA purchase a plan to receive assistance with Corretto.
3.Corretto should be administered only by the Desktop and Device Engineering
team with access to this product restricted and limited to privileges that are
needed to perform specific duties. Also audit logs should be reviewed in
accordance with VA Handbook 6500, Continuous Monitoring standards.
4. It is strongly recommended that these patches are prioritized, tested, and
installed as soon as they become available. | | [7] | Users should check with their supervisor, Information Security Office (ISO) or local OIT representative for permission to download and use this software. Downloaded software must always be scanned for viruses prior to installation to prevent adware or malware. Freeware may only be downloaded directly from the primary site that the creator of the software has advertised for public download and user or development community engagement. Users should note, any attempt by the installation process to install any additional, unrelated software is not approved and the user should take the proper steps to decline those installations. | | [8] | Due to major security vulnerabilities associated with JDK, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition.
Note: It is the system owner`s responsibility to ensure proper licensing is obtained and in place for Java patches that are installed on machines they own. Care should be taken to test and minimize product interaction where this technology is used on the same machine with other vendor`s JDK implementations.
Per the Initial Product Review, users must abide by the following constraints:
- Amazon Corretto will require a 3rd party FIPS 140-2 certified solution for any data containing PHI/PII or VA sensitive information.
- VA already has an AWS Support Plan, it must be verified that Corretto is covered on the plan the VA currently has; otherwise, it is recommended that the VA purchase a plan to receive assistance with Corretto.
- Corretto should be administered only by the Desktop and Device Engineering team with access to this product restricted and limited to privileges that are needed to perform specific duties. Also audit logs should be reviewed in accordance with VA Handbook 6500, Continuous Monitoring standards.
- It is strongly recommended that these patches are prioritized, tested, and installed as soon as they become available.
| | [9] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with VA Handbook 6500. | | [10] | Users should check with their supervisor, Information System Security Officer (ISSO) or local OIT representative for permission to download and use this software. Downloaded software must always be scanned for viruses prior to installation to prevent adware or malware. Freeware may only be downloaded directly from the primary site that the creator of the software has advertised for public download and user or development community engagement. Users should note, any attempt by the installation process to install any additional, unrelated software is not approved and the user should take the proper steps to decline those installations. | | [11] | The Federal Information Processing standards (FIPS) 140-2 certification status of this technology was not able to be verified. This technology will require a 3rd party FIPS 140-2 or 140-3 certified solution for any data containing PHI/PII or VA sensitive information, where applicable. More information regarding the Cryptographic Module Validation Program (CMVP) can be found on the NIST website. | | [12] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with both VA Handbook 6500 and VA Directive 6500. |
|
Note: |
At the time of writing, version 8.412.08.1 (1.8.0412) is the most current version, released 04/16/2024. The Most Current Server Versions are 11.0.23.91, 17.0.11.9.1, and 21.0.3.9.1. A standard configuration of this technology was developed by the DDE team. At the time of writing, the standard version is 8.412.08.1 (1.8.0.412).
The Server versions are not included in the DDE standard. Update to the most current Long Time Support (LTS) version that is included with the package. NOTE: Versions undergoing evaluation may not be released for production at time of TRM review. Information was included to anticipate/capture future releases for planning and migration. Java 7 became unsupported on 7/22/2022 and is TRM unapproved. Due to major security vulnerabilities associated with this technology, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition. Java 12, 13, 14, 15, 16, 18, 19, and 20 are not long term supported releases and only have 6 month lifecycles. These versions will not be approved in VA. |