Meza/Enterprise Application Requirements
A list of enterprise environment requirements that users are working to deliver with meza
If you wish, feel free to create a new user column for yourself in the table below (make the column heading your username here) and add "X's" to all of the requirements that your meza application must meet. Also feel free to add new rows for any requirements that aren't currently listed. The goal of the table to provide the developers of Meza with a survey of the needs of the Meza community.
| Class | Enterprise Requirement | Enterprise Requirement Text
The application shall... |
ASR[1] | Rationale | revansx | GregRundlett | User2 | User3 | etc.. |
|---|---|---|---|---|---|---|---|---|---|
| Base | RHEL7 | be hosted in the organizations existing RHEL7 system | X | tbd | X | ||||
| Base | ETADS Compliant | comply with the Enterprise Technology Assessments and Digital Standards (ETADS)
as found at https://etads.nasa.gov/standards/ |
X | tbd | X | ||||
| Base | NIST MODERATE | have apply the NIST 800-53 security controls to comply with a security classification of MODERATE
as found at:https://nvd.nist.gov/800-53/Rev4/impact/moderate |
X | tbd | X | ||||
| Base | CA Policy Agent | utilize the organizations CA Policy Agent | X | tbd | X | ||||
| Base | AWS | Application needs to be hosted within clients existing AWS account | X | X | |||||
| Base | SSAE 16 | Data center must have a SSAE 16 compliance certificate [1] | X | Especially in financial services / accounting industries | X | ||||
| Base | SOC-2 | Data center must have a SOC-2 certificate / be compliant | X | Especially in financial services / accounting industries | X | ||||
| Core | Apache | use the Apache webserver to host the application | X | ||||||
| Core | PHP | use PHP version <tbd> or greater | X | ||||||
| Core | MariaDB | use MariaDB version <tbd> or greater | X | ||||||
| Core | Mediawiki | deliver wikis using Mediawiki 1.30 or greater | X | tbd | X | ||||
| Base | SBU & CUI | be designed to store and display content designated by users as Sensitive But Unclassified or Controlled Unclassified Information. in accordance with the organizations policies for storing and displaying SBU and CUI content. | X | tbd | X | ||||
| Core | mw-ShortURLS | be con | X | tbd | X | ||||
| AC | eAuth | tbd | X | tbd | X | ||||
| AC | auto account creation | tbd | X | tbd | X | ||||
| AC | auto-login | tbd | X | tbd | X | ||||
| tbd | SMW | tbd | tbd | X | |||||
| tbd | Page Forms | tbd | tbd | X | |||||
| tbd | SRF | tbd | tbd | X | |||||
| tbd | non-meza html | tbd | X | tbd | X | ||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X | |||||
| tbd | tbd | tbd | tbd | X |
Notes:
ASR = Application Security Related --- This requirement's implementation represents an aspect of security and must be addressed in the application IT security Plan
Besides Amazon Web Services, I'm sure some enterprises will require hosting within their existing Microsoft Azure, or Google Cloud Platform accounts.
SSAE 16 and SOC-2 are not the same. So, it's possible that a client could require one, and not the other.