Jump to content

Meza/Enterprise Application Requirements

From mediawiki.org

A list of enterprise environment requirements that users are working to deliver with meza

If you wish, feel free to create a new user column for yourself in the table below (make the column heading your username here) and add "X's" to all of the requirements that your meza application must meet. Also feel free to add new rows for any requirements that aren't currently listed. The goal of the table to provide the developers of Meza with a survey of the needs of the Meza community.

Class Enterprise Requirement Enterprise Requirement Text

The application shall...

ASR[1] Rationale revansx GregRundlett User2 User3 etc..
Base RHEL7 be hosted in the organizations existing RHEL7 system X tbd X
Base ETADS Compliant comply with the Enterprise Technology Assessments and Digital Standards (ETADS)

as found at https://etads.nasa.gov/standards/

X tbd X
Base NIST MODERATE have apply the NIST 800-53 security controls to comply with a security classification of MODERATE

as found at:https://nvd.nist.gov/800-53/Rev4/impact/moderate

X tbd X
Base CA Policy Agent utilize the organizations CA Policy Agent X tbd X
Base AWS Application needs to be hosted within clients existing AWS account X X
Base SSAE 16 Data center must have a SSAE 16 compliance certificate [1] X Especially in financial services / accounting industries X
Base SOC-2 Data center must have a SOC-2 certificate / be compliant X Especially in financial services / accounting industries X
Core Apache use the Apache webserver to host the application X
Core PHP use PHP version <tbd> or greater X
Core MariaDB use MariaDB version <tbd> or greater X
Core Mediawiki deliver wikis using Mediawiki 1.30 or greater X tbd X
Base SBU & CUI be designed to store and display content designated by users as Sensitive But Unclassified or Controlled Unclassified Information. in accordance with the organizations policies for storing and displaying SBU and CUI content. X tbd X
Core mw-ShortURLS be con X tbd X
AC eAuth tbd X tbd X
AC auto account creation tbd X tbd X
AC auto-login tbd X tbd X
tbd SMW tbd tbd X
tbd Page Forms tbd tbd X
tbd SRF tbd tbd X
tbd non-meza html tbd X tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X
tbd tbd tbd tbd X

Notes:

ASR = Application Security Related --- This requirement's implementation represents an aspect of security and must be addressed in the application IT security Plan

Besides Amazon Web Services, I'm sure some enterprises will require hosting within their existing Microsoft Azure, or Google Cloud Platform accounts.

SSAE 16 and SOC-2 are not the same. So, it's possible that a client could require one, and not the other.