Questions regarding Apache Nifi product.

Tue, 10 Oct 2017 07:13:20 -0700 

Good morning to you. I am currently working on the ArCADIE project here at

AIMKE at Ft. Eustis Virginia and we are trying to utilize your software for

a new project we will be developing. We have questions that need to be

answered by your security team to obtain a Certificate of Networthiness

(CON). We will list them in bullet format, please see below: 

 

- Explain how patch management and updates will be handled and by whom: *

- DUNS Number - (need your DUNS number for acquisition)

 

- System Requirements - Only include what will actually be utilized: *

- Is this product IPV6 compliant? Yes/No

- Describe in detail how this capability communicates across the network(LAN

and WAN). 

                What is the product installed on? 

                How does the user access the program? 

                How is data entered into the application? 

                Does product pull data or transmit data to any other

devices/systems/servers? 

                Where is data saved to? 

                Does data stay internal to the local enclave?

 

- We will need a data flow diagram (visio format) of the product 

- Is it FIPS 140-certified? (Yes/No) 

                If yes - If FIPS 140-certified please provide number

 

-Does this product have real time collaboration capabilities?  Yes/No 

                - If yes - Please provide the GA&CKO waiver

 

- Does this product have IA Capabilities? Yes/No 

                - If yes - Please explain IA Capabilities

 

- Is this capability IA-enabled? Yes/No

- Is this product Common Criteria (NIAP) certified? YES/NO

                - If yes - Please provide Common Criteria certified please
provide

certification number - 

 

- Is this a Web Capability? Yes / No

                If yes - Does the Web Capability utilize FIPS 140-2
compliant

encryption? Yes/No

                                If Yes Provide the Encryption utilized - 

                            - Does this web capability support SHA-256?

                            - Is this product backwards compatible with
SHA-1?

 

- Does this product have NETOPS Capabilities? Yes/No

                If yes - How will it be used by the System Administrator?

 

- Is the product capable of remote management? Yes / No

                - Is it encrypted? Yes/No

                - Describe how it will be used for remote management and by
whom - 

 

Ports, Protocols, and Services - Please provide all Ports, Protocols, and

Services utilized by the software.

 

 

V/r,

 



 

Anthony D. Burden

Lead Engineer - Cyber Security Operations Engineer

Booz Allen Hamilton

5800 Lake Wright Dr., Norfolk VA 23502

Cell: 803-237-9355 (Primary)

Work: 757-893-8197

Client: 757-501-6076

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to