nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Witt <joe.w...@gmail.com>
Subject Re: Questions regarding Apache Nifi product.
Date Tue, 10 Oct 2017 15:02:11 GMT
Anthony,

with your bah addresses on bcc.  Hopefully you're on the users lists so
you'll get any follow ups.

Apache NiFi is an open source software project and community in the Apache
Software Foundation.  As such at least some of these questions probably do
not apply at least as stated or are misdirected.  Others should be answered
by first taking a look at the provided documentation.

Much of this information you can obtain by looking through the provided
documentation on our website [1] and wiki [2]. Please avoid sending in a
list of copy/paste questions that appear to come from some standard
government/company acquisition/security exercise and ask this group of open
source community members to then do the work.  While I'm sure it isn't your
intent it can come across poorly and decreases the chances of getting the
best and most helpful version of the community.

We don't have any FIPS guidance or diagrams to share and of course we'd not
have a GA&CKO waiver.

I would encourage you to please do some of the initial research into these
questions and then provide your own specific asks in areas where you need
help/clarity.

[1] https://nifi.apache.org/
[2] https://cwiki.apache.org/confluence/display/NIFI/Apache+NiFi

Thanks

On Tue, Oct 10, 2017 at 10:12 AM, Burden, Anthony [USA] <
Burden_Anthony@bah.com> wrote:

> Good morning to you. I am currently working on the ArCADIE project here at
>
> AIMKE at Ft. Eustis Virginia and we are trying to utilize your software for
>
> a new project we will be developing. We have questions that need to be
>
> answered by your security team to obtain a Certificate of Networthiness
>
> (CON). We will list them in bullet format, please see below:
>
>
>
> - Explain how patch management and updates will be handled and by whom: *
>
> - DUNS Number - (need your DUNS number for acquisition)
>
>
>
> - System Requirements - Only include what will actually be utilized: *
>
> - Is this product IPV6 compliant? Yes/No
>
> - Describe in detail how this capability communicates across the
> network(LAN
>
> and WAN).
>
>                 What is the product installed on?
>
>                 How does the user access the program?
>
>                 How is data entered into the application?
>
>                 Does product pull data or transmit data to any other
>
> devices/systems/servers?
>
>                 Where is data saved to?
>
>                 Does data stay internal to the local enclave?
>
>
>
> - We will need a data flow diagram (visio format) of the product
>
> - Is it FIPS 140-certified? (Yes/No)
>
>                 If yes - If FIPS 140-certified please provide number
>
>
>
> -Does this product have real time collaboration capabilities?  Yes/No
>
>                 - If yes - Please provide the GA&CKO waiver
>
>
>
> - Does this product have IA Capabilities? Yes/No
>
>                 - If yes - Please explain IA Capabilities
>
>
>
> - Is this capability IA-enabled? Yes/No
>
> - Is this product Common Criteria (NIAP) certified? YES/NO
>
>                 - If yes - Please provide Common Criteria certified please
> provide
>
> certification number -
>
>
>
> - Is this a Web Capability? Yes / No
>
>                 If yes - Does the Web Capability utilize FIPS 140-2
> compliant
>
> encryption? Yes/No
>
>                                 If Yes Provide the Encryption utilized -
>
>                             - Does this web capability support SHA-256?
>
>                             - Is this product backwards compatible with
> SHA-1?
>
>
>
> - Does this product have NETOPS Capabilities? Yes/No
>
>                 If yes - How will it be used by the System Administrator?
>
>
>
> - Is the product capable of remote management? Yes / No
>
>                 - Is it encrypted? Yes/No
>
>                 - Describe how it will be used for remote management and
> by whom -
>
>
>
> Ports, Protocols, and Services - Please provide all Ports, Protocols, and
>
> Services utilized by the software.
>
>
>
>
>
> V/r,
>
>
>
> [image: Booz_Allen_logo_black]
>
>
>
> Anthony D. Burden
>
> Lead Engineer - Cyber Security Operations Engineer
>
> Booz Allen Hamilton
>
> 5800 Lake Wright Dr., Norfolk VA 23502
> <https://maps.google.com/?q=5800+Lake+Wright+Dr.,+Norfolk+VA+23502&entry=gmail&source=g>
>
> Cell: 803-237-9355 <(803)%20237-9355> (Primary)
>
> Work: 757-893-8197 <(757)%20893-8197>
>
> Client: 757-501-6076 <(757)%20501-6076>
>
>
>

Mime
View raw message