[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openejb-user
Subject:    Security compliance
From:       "Sandidge, Russell H.  (ProSphere)" <Russell.Sandidge2 () va ! gov>
Date:       2019-05-28 15:16:15
Message-ID: DM6PR09MB390076F0D1CC89FC5E59A9DCD41E0 () DM6PR09MB3900 ! namprd09 ! prod ! outlook ! com
[Download RAW message or body]


Greetings All,

I support the Department of  Veterans Affairs and I have been assigned the =
task of verifying the security compliance for TomEE.

Below is a short list a questions that I would appreciate answers to.


  *   What type of secure connection will there be between Apache TomEE and=
 VA systems in terms of secure protocols implemented?



  *   To what extent does Apache TomEE use a FIPS 140-2 validated cryptogra=
phic module, and what is the certification number?



  *   What is the most recent version of Apache TomEE and its release date?



  *   Is there a Voluntary Product Accessibility Template (VPAT) program in=
 place to assess Section 508 compliance?



  *   What are the main features of Apache TomEE?



  *   What Cloud Service Provider (CSP) agreements have been set for Apache=
 TomEE to be used securely through the cloud?



  *   What other apps does Apache TomEE integrate with?



  *   Does Apache TomEE leverage other database products?



  *   Is Apache TomEE available for on-premise deployment?



  *   Does Apache TomEE reside on user network?
Thank in advance for your willingness to help by answering these questions

Best Regards,

Russell Sandidge MBA, PMP, CISSP, SDP, ITIL (Contractor)
Project Manager, Prosphere
Solution Delivery (005OPB14)
Security Engineering
Office of Information and Technology, IT Operations and Services
Office (202) 461-4433 Mobile 703-810-3029



[prev in list] [next in list] [prev in thread] [next in thread]