Toxic Exposure: Prepare artifacts for PSIRR

[pacerwow]

Issue Description

As a VA Platform I want to ensure that the toxic exposure feature meets Platform's privacy and security standards so that it can be released successfully while protecting the safety of Veterans and VA.gov.

---

Tasks

• [ ] Complete the PSIRR request form and include the following:
• [x] Link to product outline
• [x] Ensure Product Outline contains Incident Response info, including:
• [x] Points of contact for your system and dependent VA backends
• [x] Links to dashboards that help identify and debug application issues
• [x] Links to technical diagrams (checked into GitHub alongside your product documentation), including:
• [x] An architecture diagram, showing involved systems and how they connect.
• [x] For non-trivial flows (i.e. more than a single round-trip call from frontend → vets-api → VA Backend), a sequence diagram showing the ordered flow of data and operations between systems.
• [x] Describe any new publicly-exposed endpoints (vets-api or otherwise):
• [x] Describe any new interactions with dependent VA backends
• [x] Describe any other security hotspots you're concerned about / want extra attention on
• [x] Link to Release Plan with the "Planning" sections completed (in each section: Phase I, Phase II, Go Live)
• [x] Refer to additional guidance found in the Privacy, security, infrastructure readiness review request form

Acceptance Criteria

Given the artifacts to successfully complete a PSIRR request form are needed When the artifacts or documents are not created or complete Then create necessary documentation and/or artifacts for the request form and submit it to Platform

---

How to configure this issue

• [ ] Attached to a Milestone (when will this be completed?)
• [ ] Attached to an Epic (what body of work is this a part of?)
• [ ] Labeled with Team (product support, analytics-insights, operations, service-design, Console-Services, tools-fe)
• [ ] Labeled with Practice Area (backend, frontend, devops, design, research, product, ia, qa, analytics, contact center, research, accessibility, content)
• [ ] Labeled with Type (bug, request, discovery, documentation, etc.)

[pacerwow]

I can submit the ticket, will need everyone's help in making sure the artifacts are created & current.

[mchae-nava]

Working on the metrics portion of this

[aurora-a-k-a-lightning]

working on these parts:

1. An architecture diagram, showing involved systems and how they connect.
2. For non-trivial flows (i.e. more than a single round-trip call from frontend → vets-api → VA Backend), a sequence diagram showing the ordered flow of data and operations between systems.
3. Describe any new interactions with dependent VA backends

[pacerwow]

TE Product Outline: https://github.com/department-of-veterans-affairs/va.gov-team/blob/master/products/disability/526ez/toxic-exposure-initiative-brief.md

[aurora-a-k-a-lightning]

Architecture diagram https://github.com/department-of-veterans-affairs/va.gov-team/blob/master/products/disability/526ez/engineering_research/diagrams/DBex%20Diagrams%20-%20%2388404%20-%20PSIRR.jpeg

[aurora-a-k-a-lightning]

For this: Describe any new publicly-exposed endpoints We have none.

[aurora-a-k-a-lightning]

For this: Describe any new interactions with dependent VA backends We have new interactions with the Lighthouse Benefits Claims APIs as described in the Architecture diagram:

1. https://api.va.gov/services/claims/v2/veterans/:veteranId/526/synchronous - submits the Form 21-526EZ data for claim establishment within VBMS
2. https://api.va.gov/services/claims/v2/veterans/:veteranId/claims/:id - gets information about a claim
3. https://api.va.gov/services/claims/v2/veterans/:veteranId/526/generatePDF/minimum-validations - generates a Form 21-526EZ 2022 PDF

All are using the pre-existing Client Credentials Grant (ccg) authentication mechanism with Lighthouse.

[aurora-a-k-a-lightning]

For this: Describe any other security hotspots you're concerned about / want extra attention on We don't have any. We're using pre-existing connections and libraries within vets-api.