-
Kabanero and Appsody components will need to be FIPS 140-2 compliant in order for US government/federal agencies to use them. All the components we develop that are part of collections admin and eventi…
-
From Issue #36.
**Federal systems, and federally funded state systems, must demonstrate FISMA compliance using the NIST SP800-53 guidelines according to Federal Information Processing Standards (…
-
Let's bake the nginx files into `fisma-ready/nginx`, instead of here, and then download them during the build process. (The build process already requires an internet connection.)
- [x] I need to move…
-
### Description
When a user is offboarded, their NOAA account will no longer exist, thus preventing them from using that to log in. However, even if the NOAA account is terminated or disabled, if the…
-
### Finding Description
The app is vulnerable to the Janus exploit.
Janus ([CVE-2017-13156](https://nvd.nist.gov/vuln/detail/CVE-2017-13156)) exposes a critical flaw in Android's APK validation proc…
-
# Task
Identify regulatory constraints and restraints for the project.
# Method
Members comment on this issue with the following template:
### Regulation Name:
### Regulation Country / L…
-
https://github.com/fisma-ready/github/blob/master/customer-responsibility-controls.md
-
https://help.github.com/articles/proposed-amendment-to-github-terms-of-service-applicable-to-u-s-federal-government-users/
-
Something to consult once we Docker-ify.
http://nginx.com/blog/deploying-nginx-nginx-plus-docker/
-
### Finding Description
At least one key that was used to sign the app is too short to be considered secure.
The application was signed using a key length less than or equal to 1024 bits, making it …