I support the Department of Veterans Affairs and I have been assigned the task of verifying the security compliance for TomEE.
Below is a short list a questions that I would appreciate answers to.
* What type of secure connection will there be between Apache TomEE and VA systems in terms of secure protocols implemented?
* To what extent does Apache TomEE use a FIPS 140-2 validated cryptographic module, and what is the certification number?
* What is the most recent version of Apache TomEE and its release date?
* Is there a Voluntary Product Accessibility Template (VPAT) program in place to assess Section 508 compliance?
* What are the main features of Apache TomEE?
* What Cloud Service Provider (CSP) agreements have been set for Apache TomEE to be used securely through the cloud?
* What other apps does Apache TomEE integrate with?
* Does Apache TomEE leverage other database products?
* Is Apache TomEE available for on-premise deployment?
* Does Apache TomEE reside on user network?
Thank in advance for your willingness to help by answering these questions
Russell Sandidge MBA, PMP, CISSP, SDP, ITIL (Contractor)
Project Manager, Prosphere
Solution Delivery (005OPB14)
Office of Information and Technology, IT Operations and Services
Office (202) 461-4433 Mobile 703-810-3029