tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sandidge, Russell H. (ProSphere)" <>
Subject Security compliance
Date Tue, 28 May 2019 15:16:15 GMT
Greetings All,

I support the Department of  Veterans Affairs and I have been assigned the task of verifying
the security compliance for TomEE.

Below is a short list a questions that I would appreciate answers to.

  *   What type of secure connection will there be between Apache TomEE and VA systems in
terms of secure protocols implemented?

  *   To what extent does Apache TomEE use a FIPS 140-2 validated cryptographic module, and
what is the certification number?

  *   What is the most recent version of Apache TomEE and its release date?

  *   Is there a Voluntary Product Accessibility Template (VPAT) program in place to assess
Section 508 compliance?

  *   What are the main features of Apache TomEE?

  *   What Cloud Service Provider (CSP) agreements have been set for Apache TomEE to be used
securely through the cloud?

  *   What other apps does Apache TomEE integrate with?

  *   Does Apache TomEE leverage other database products?

  *   Is Apache TomEE available for on-premise deployment?

  *   Does Apache TomEE reside on user network?
Thank in advance for your willingness to help by answering these questions

Best Regards,

Russell Sandidge MBA, PMP, CISSP, SDP, ITIL (Contractor)
Project Manager, Prosphere
Solution Delivery (005OPB14)
Security Engineering
Office of Information and Technology, IT Operations and Services
Office (202) 461-4433 Mobile 703-810-3029

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message