RFP # CWIA-01-2011 Appendix N: L&I Enterprise Standards Version 3.1 July 2010


Revision History

| Date | Version | Description | Author |
|---|---|---|---|
| | 1.0 | Initial Creation | |
| 02-20-2007 | 1.1 | Merged with OA Stds. Standardized format of all sections | BEA/amh |
| 05-15-2007 | 1.2 | Removed standards related to the Development Practices/BSCoE Standards from this document and published “DRAFT_BSCoE Development_Practices” | BEA/amh |
| 06-14-2007 | 1.3 | Updated with changes submitted by each domain and consequently approved by the Enterprise Standards Steering Committee. | BEA/amh |
| 08-29-2007 | 1.4 | Updated the links from old PA DSF developed site to new AquaLogic OA Portal. This change occurred after previous version was submitted for review. | BEA/amh |
| 09-12-2007 | 1.5 | Added summary paragraph to the Preface in accordance with Mary Benner's directive to specify files external to the Comm of PA must be sent FTP. | BEA/amh |
| | | Added link to OA Enterprise Standards to Preface. | BEA/amh |
| | | Added new section to Information and Integration Standards domain: FTP Clients. | BEA/amh |
| | | Added Mozilla Firefox browser to PC Enterprise EMERGING section of the Platform Standards domain with comments limiting its use to OIT web application testing. | BEA/amh |
| | | Added SafeBoot to the PC Enterprise CURRENT section of the Platform Standards domain. | BEA/amh |
| | | Added MS BitLocker to the PC Enterprise EMERGING section of the Platform Standards domain. | BEA/amh |
| | | Added, to the Application Standards domain, a link to the following BSCoE Best Practices located out on the OA Enterprise Portal: Business Requirements Gathering; Change and Configuration Management; Source Code Control; Documentation; Coding; Messaging; Quality Assurance; Application Security | BEA/amh |
| 10-11-2007 | 1.6 | Reworded reference to EDI in Preface | BEA/amh |
| | | Added link description to BSCoE Development Practices sections | BEA/amh |
| | | Replaced references to 'Policy' with 'Standard' per Gary Collins request. | BEA/amh |
| 08-19-2008 | 1.7 | Added Requirements Definition Lifecycle | BEA/hna |
| | | Added Security – Incident Response | BEA/cas |
| | | Added Security – Security testing and assessment | BEA/cas |
| 04-2009 | 1.8 | Updated version of IBM Tivoli Monitoring Suite | BEA/cas |
| 05-2009 | 1.9 | Updated versions SQL Server and Visual Studio to 2008 | BEA/cas |
| | | Changed all references of Mercury to HP | |
| | | Removed references to OAs ITB I 6.2.1 – it was rescinded by OA. | |
| 06-2009 | 2.0 | Updated Platform – PC Enterprise Standards | BEA/cas |
| | | Added Microsoft Team Foundation Server to Software Configuration Management | |
| | | Added Oracle UPK Pro 6.2 to Development Tools - Help (previously OnDemand) | |
| | | Added new section Management Tools – Job Scheduler | |
| 7-2009 | 2.1 | Added Microsoft Outlook 2007 to PC Enterprise Software under Emerging | BEA/cas |
| 10-2009 | | Updated Intel Server Operating System standards | BEA/cas |
| | | Updated UNIX Server Operating System standards | |
| | | Updated Virtual Server Technology standards | |
| | | Updated Security/Operating Systems Operational Standards | |
| 06-2010 | 3.0 | Rewritten to consolidate L&I and OA standards data to be referenced from this document as one source. | |
| | | Rational – Updates for version upgrades | |
| | | Windows 7 – added to 'PC Operating System' and 'PC Enterprise Software' as 'Emerging/Research' | |
| | | Office 2007 – added as 'Current' | |
| | | Project 2007 – Added as 'Current' | |
| | | Visio 2007 – Added as 'Current' | |
| | | MS OneNote 2007 – Added as 'Current' | |
| | | System Center Configuration Manager 2007 – Added as 'Emerging/Research' | |
| | | MS Virtual PC 2007 - Updates for version upgrades | BEA/cas, wch |
| 07-2010 | 3.1 | Removed standards related to the Development Practices/BSCoE Standards. | |
| | | Full review cycle completed. All sections have been reviewed and updated or validated by the appropriate program area. | BEA/hna, wch |


Preface

The Department of Labor and Industry Enterprise Standards document was developed to record and demonstrate the Department of Labor and Industry, Office of Information Technology's compliance with the overall Enterprise Architecture Policies and Domain Standards. Those policies and standards originated from the Office of Administration, which has the executive oversight of the IT efforts of all state agencies within the Commonwealth of Pennsylvania. The standards listed in this document correlate very closely to specific Information Technology Bulletins (ITBs) listed within OA Domains.

OA standards and L&I standards, however, are not a carbon copy of one another. In most cases, there are no discrepancies between the two; however, there are several instances where L&I has obtained exceptions from OA recommendations. These exceptions are duly noted. In addition, L&I does not currently employ all of the OA approved software listed in this document, but it does accept these recommendations and will adopt those standards should there be a need for like software in the future. At present, the only Labor & Industry exceptions to OA standards are those that have been acknowledged and sanctioned.

Should any areas exist that this Enterprise Standards document does not address, DLI defers to the Commonwealth of PA OA Standards, which can be located in the Appendix.

All standards identified in this document are subject to periodic review and possible revision by the L&I OIT Enterprise Standards Steering Committee (ESSC).

With respect to the transmission of external files to the Commonwealth MAN, the only permitted mode is FTP. With the exception of a few instances remaining in legacy applications, EDI is no longer an acceptable Commonwealth solution and Web Services (outside the Commonwealth) is not yet supported. This standard only targets the specific issue of how external files are sent to the Commonwealth and is not intended to address how external files may be retrieved by the Commonwealth (FTP, link to URL, etc.).

All references to standard software will fall into the following categories:

Current: Technologies that are supported by the current standards and meet the requirements of the architecture. They are recommended for use.

Contain: These technologies are being phased out over the next three to five years.

Retire: Plans should be developed to phase out and replace these technologies. A date for discontinuance has been set.

Emerging / Research: Technologies that have the potential to become current. At the present time, they should be used only in pilot or test environments where they can be evaluated. They will require a waiver request to be used in a limited production mode.

Table of Contents

APPLICATION STANDARDS
  ABSTRACT
  STANDARDS
  GENERAL
  REFRESH SCHEDULE
  EXEMPTION FROM THESE STANDARDS
  QUESTIONS
  DEVELOPMENT LANGUAGES
  DEVELOPMENT PRACTICES
  DEVELOPMENT TOOLS – APPLICATION DEVELOPMENT
  DEVELOPMENT TOOLS – LOAD AND PERFORMANCE TESTING
  DEVELOPMENT TOOLS – TESTING AND DEBUGGING
  DEVELOPMENT TOOLS – WEB DEVELOPMENT FRAMEWORKS
  DEVELOPMENT TOOLS – REQUIREMENTS, DATA AND OBJECT MODELING
  DEVELOPMENT TOOLS – MESSAGING
  DEVELOPMENT TOOLS – REPORT DEVELOPMENT
  DEVELOPMENT TOOLS – REPORT DISTRIBUTION
  DEVELOPMENT TOOLS – HELP
  DEVELOPMENT TOOLS – RULES ENGINES
  DEVELOPMENT TOOLS – SOA REGISTRY AND REPOSITORY
  WEB INFORMATION SERVERS
  WEB APPLICATION SERVERS
  PORTAL
  MANAGEMENT TOOLS – REQUIREMENTS DEFINITION LIFECYCLE
  MANAGEMENT TOOLS – REQUIREMENTS MANAGEMENT
  MANAGEMENT TOOLS – SOFTWARE CONFIGURATION MANAGEMENT
  MANAGEMENT TOOLS – SOFTWARE CHANGE MANAGEMENT
  MANAGEMENT TOOLS – JOB SCHEDULER

INFORMATION AND INTEGRATION STANDARDS
  ABSTRACT
  STANDARDS
  GENERAL
  REFRESH SCHEDULE
  EXEMPTION FROM THESE STANDARDS
  QUESTIONS
  RELATIONAL DBMS
  DATA & DATABASE MODELING TOOLS
  DATABASE ADMINISTRATION TOOLS
  MESSAGE ORIENTED MIDDLEWARE
  FTP CLIENTS
  ELECTRONIC DOCUMENT MANAGEMENT

NETWORK STANDARDS
  ABSTRACT
  STANDARDS
  GENERAL
  REFRESH SCHEDULE
  EXEMPTION FROM THESE STANDARDS
  QUESTIONS
  LOCAL AREA NETWORK (LAN) PHYSICAL INFRASTRUCTURE (LAYER 1)
  WIDE AREA NETWORK (WAN) PHYSICAL INFRASTRUCTURE (LAYER 1)
  LOCAL AREA NETWORK (LAN) LAYER 2 PROTOCOLS
  WIDE AREA NETWORK (WAN) LAYER 2 PROTOCOLS
  LOCAL AREA NETWORK (LAN) LAYER 3 & 4 PROTOCOLS
  ROUTING
  SWITCHING
  CONCENTRATOR/HUB
  BRIDGING
  ADAPTER CARDS
  MODEMS
  REMOTE ACCESS METHODS AND TECHNOLOGY
  NETWORK DIAGRAM TECHNOLOGIES
  INSTANT MESSAGING
  NETWORK MANAGEMENT TOOLS

PLATFORM STANDARDS
  ABSTRACT
  STANDARDS
  GENERAL
  REFRESH SCHEDULE
  EXEMPTION FROM THESE STANDARDS
  QUESTIONS
  PC HARDWARE
  PC OPERATING SYSTEM
  PC ENTERPRISE SOFTWARE
  INTEL SERVER HARDWARE
  INTEL SERVER OPERATING SYSTEM
  UNIX SERVER HARDWARE
  UNIX SERVER OPERATING SYSTEM
  SERVER ENTERPRISE SOFTWARE
  VIRTUAL SERVER TECHNOLOGY
  STORAGE AREA NETWORK
  STORAGE AREA NETWORK FABRIC SWITCHES
  NETWORK PRINTING
  BACKUP/RECOVERY STORAGE - TAPE

PROJECT MANAGEMENT STANDARDS
  ABSTRACT
  STANDARDS
  GENERAL
  REFRESH SCHEDULE
  EXEMPTION FROM THESE STANDARDS
  QUESTIONS
  MS PROJECT, MS PROJECT VIEWER, CLARITY

SECURITY STANDARDS
  ABSTRACT
  GUIDING POINTS
  STANDARDS
  REFRESH SCHEDULE
  EXEMPTION FROM THESE STANDARDS
  QUESTIONS
  OPERATING SYSTEMS
  APPLICATIONS
  DATABASE
  INCIDENT RESPONSE
  SECURITY TESTING AND ASSESSMENT

NETWORK SECURITY STANDARDS
  ABSTRACT
  STANDARDS
  GENERAL
  REFRESH SCHEDULE
  EXEMPTION FROM THESE STANDARDS
  QUESTIONS
  ARCHITECTURE
  PORT SECURITY
  SECURITY
  FIREWALL ACCESS CONTROL
  TRANSPORT CONTROL
  INTRUSION DETECTION

SYSTEMS MANAGEMENT
  ABSTRACT
  STANDARDS
  GENERAL
  REFRESH SCHEDULE
  EXEMPTION FROM THESE STANDARDS
  QUESTIONS
  IT SERVICE MANAGEMENT (ITSM) PRODUCT AND PLATFORM STANDARDS

APPENDIX

Application Standards

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Abstract

This document establishes enterprise-wide standards and guidance for Application Development at Labor and Industry (L&I), using a structured approach to applying technology to solve business problems through the effective utilization of standard development technologies and practices to deliver reusable business services. This is achieved by the establishment of a library made of common standards, best practices, and a code repository. The repository is populated with existing “best-in-class” service components developed both internally and externally. In addition, on an ongoing basis, newly developed components from current and future projects will be stored in the repository.

For additional information, please refer to the Appendix.

Standards

New application development projects will be required to use the current standards and best practices defined by L&I-OIT Enterprise Standards.

Major revisions to existing applications that are not using the current standards will be reviewed as part of the IT Procurement Review Process to determine if the investment warrants a change in standards at that time.

For applications using languages, tools and frameworks classified as “Retire,” a date for migration off this technology has been established.

IT projects related to application development will be subject to review prior to inception for compliance with this standard through a review by Communities of Practice and/or the Procurement Review Processes.

The main objectives of these standards are to:

  • Provide a uniform approach to application development
  • Provide a common method of setting and achieving enterprise priorities
  • Reduce costs for application development
  • Decrease time to production for applications
  • Enhance and promote standardization
  • Enhance information sharing
  • Increase coordinated IT security
  • Reduce redundancy
  • Improve utilization of IT resources
  • Provide a developed set of core technologies
  • Provide a standard approach to application development training and utilization of resources

For additional information, please refer to the Appendix.

General

This information applies to all Application Development within Labor and Industry.

Refresh Schedule

All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I–OIT Standards Committee.

Exemption from these standards

In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an 'Enterprise Standards Waiver Request' form must be submitted via e-mail to: L&I Software Review Committee.

For additional information, please refer to the Appendix.

Questions

Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].


Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-21-2010

Domain: Application

Discipline: Application Development

Technology: Development Languages

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

| Technology | Platforms | Comments |
|---|---|---|
| C# | Windows/.Net | |
| Visual Basic .Net | Windows/.Net | |
| ASP .Net | Windows/.Net | |
| Java | All | L&I Standard, not OA |
| J2SE | All | |
| Java SE | All | |
| J2EE | All | |
| Java EE | All | |

CONTAIN

| Technology | Platforms | Comments |
|---|---|---|
| J2SE 1.3.1 and prior | All | |
| J2EE 1.3 and prior | All | |
| PHP (all versions) | All | |
| COBOL¹ (all variants and versions) | All | |
| Python (all versions) | All | |
| Microsoft J# (all versions) | All | |
| PowerBuilder | All | |
| Perl | All | OA Standard, not L&I |
| C++ | All | OA Standard, not L&I |
| C | All | OA Standard, not L&I |
| Fortran (all variants) | All | OA Standard, not L&I |
| Entire X | All | OA Standard, not L&I |
| Natural | All | OA Standard, not L&I |
| Spectrum | All | OA Standard, not L&I |
| PL/I | All | OA Standard, not L&I |
| Unisys MAPPER | All | OA Standard, not L&I |
| Unisys COBOL | All | OA Standard, not L&I |
| Oracle Forms | All | OA Standard, not L&I |

¹ Any new development using COBOL must be approved by L&I before development begins.

RETIRE

| Technology | Platforms | Comments |
|---|---|---|
| Visual Basic 6.0 and earlier | Windows | Retire by 12/31/2011 |
| Assembler | All | Retire by 12/31/2011 |
| PERCobol (all versions) | All | |
| Microsoft Fox Pro | Windows | OA Standard, not L&I; Retire by 12/31/2008 |
| Unisys Business Information Server (formerly MAPPER) (all versions) | All | OA Standard, not L&I; Retire by 12/31/2010 |
| Oracle Forms 6i and Earlier | All | OA Standard, not L&I; Retire by 12/31/2008 |

EMERGING / RESEARCH

| Technology | Platforms | Comments |
|---|---|---|

For the most current OA-OIT Application Domain Standards for Development Languages please refer to the Appendix.


Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Practices

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

| Technology | Platforms | Comments |
|---|---|---|
| Microsoft Solutions Framework | Windows | |
| IBM/Rational Unified Process | Windows | |

CONTAIN

| Technology | Platforms | Comments |
|---|---|---|
| BSCoE Software Engineering Process (SEP) | Windows / AIX | |

RETIRE

| Technology | Platforms | Comments |
|---|---|---|
| Oracle CASE*Method | All | OA Standard, not L&I |

EMERGING / RESEARCH

| Technology | Platforms | Comments |
|---|---|---|
| Eclipse Process Framework | Windows | |
| OpenUP (Open Unified Processes) | Windows | |

The most current OA-OIT Application Domain Standards for Development Practices are available in the Appendix.


Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Application Development

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

| Technology | Platforms | Comments |
|---|---|---|
| Microsoft Visual Studio .NET 2010 | Windows | |
| Microsoft Visual Studio .NET 2008 | Windows | |
| IBM Rational Application Developer for WebSphere Software Version 7.0 | Windows | |
| Eclipse | Windows | |
| Microsoft Team Foundation Server (all editions) | Windows | Current |

CONTAIN

| Technology | Platforms | Comments |
|---|---|---|
| Advantage:Gen | All | L&I Standard, not OA |
| PowerBuilder (all versions) | All | |
| Microsoft Visual Studio (Prior to 2008) | Windows | |
| Sun Java Studio | All | |
| Eclipse 3.0 and prior | All | |
| IBM Rational Application Developer for WebSphere Software (Prior to version 6.0) | All | |
| Borland Delphi | All | OA Standard, not L&I |
| Borland Jbuilder | All | OA Standard, not L&I |
| Borland C++ | | OA Standard, not L&I |
| Borland Enterprise Studio for Java | All | OA Standard, not L&I |
| BEA Systems WebLogic Workshop | All | OA Standard, not L&I |
| Oracle Forms Developer | All | OA Standard, not L&I |
| Oracle JDeveloper | All | OA Standard, not L&I |
| Sun Forte for Java | All | OA Standard, not L&I |
| Compaq Visual Fortran | All | OA Standard, not L&I |
| Micro Focus Net Express | All | OA Standard, not L&I |
| IBM VisualAge COBOL | All | OA Standard, not L&I |
| IBM VisualAge Java | All | OA Standard, not L&I |
| Absoft Fortran | All | OA Standard, not L&I |

RETIRE

| Technology | Platforms | Comments |
|---|---|---|
| Microsoft Visual Studio 6.0 & Earlier | All | Retire by 12/31/2008 |
| Microsoft Visual Interdev (All Versions) | All | Retire by 12/31/2008 |
| Microsoft Fox Pro | All | Retire by 6/30/2008 |

EMERGING / RESEARCH

| Technology | Platforms | Comments |
|---|---|---|

The most current OA-OIT Application Domain Standards for Development Tools – Application Development are available in the Appendix.


Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 06-21-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Load and Performance Testing

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

| Technology | Platforms | Comments |
|---|---|---|
| HP LoadRunner 9.52 | Windows | |

CONTAIN

| Technology | Platforms | Comments |
|---|---|---|
| IBM/Rational Performance Tester | Windows | OA Standard |
| IBM/Rational Robot | Windows | OA Standard |
| IBM/Rational Test Manager | Windows | OA Standard |
| HP WinRunner | All | OA Standard, not L&I |

RETIRE

| Technology | Platforms | Comments |
|---|---|---|
| CompuWare QARun | All | OA Standard, not L&I; Retire by 6/30/2006 |

EMERGING / RESEARCH

| Technology | Platforms | Comments |
|---|---|---|
| SOASTA Cloud | | In POC |

The most current OA-OIT Application Domain Standards for Development Tools – Load & Performance Testing are available in the Appendix.


Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 06-21-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Testing and Debugging

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

HP Quality center

10.0

Windows

HP Quick Test Pro

10.0

Windows L&I Standard, not OA

CONTAIN

Technology Platforms Comments

SmartTest All L&I Standard, not OA

IBM / Rational Functional Tester Windows

IBM / Rational Test Manager Windows

IBM / Rational Purify Plus Windows

Mercury WinRunner (all versions) All

RETIRE

Technology Platforms Comments

OpenSTA All L&I Standard, not OA Retire by 12/31/2005

EMERGING / RESEARCH

Technology Platforms Comments

The most current OA-OIT Application Domain Standards for Development Tools – Testing and Debugging are available at Appendix.

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Web Development Frameworks

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Microsoft .NET 3.5 SP1 Windows

Microsoft .NET 3.0 Windows

J2EE 1.4 All

CONTAIN

Technology Platforms Comments

J2EE 1.3 and Prior All

Microsoft .NET 2.0 Windows

BSCoE.NET Framework Windows

BSCoE.4J Framework All

RETIRE

Technology Platforms Comments

Microsoft .NET 1.1 Windows

Microsoft .NET 1.0 Windows

Microsoft ASP Windows

EMERGING / RESEARCH

Technology Platforms Comments

J2EE 1.5 All

Microsoft .NET 4.0 Windows

The most current OA-OIT Application Domain Standards for Development Tools – Web Development Frameworks are available at Appendix.

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Requirements, Data and Object Modeling

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Computer Associates ERWin Windows

Microsoft Visio 2007 Windows

CONTAIN

Technology Platforms Comments

Embarcadero ER/Studio Windows L&I Standard, not OA

Sybase PowerDesigner All

Microsoft Visio (all versions previous to 2003)

IBM / Rational Modeler/Software Architect Windows

IBM/Rational Rose/XDE Windows

Sparx Systems Enterprise Architect Windows

Sparx Systems MDG Integration for Visual Studio 2005 Windows

Borland Together All OA Standard, not L&I

MagicDraw UML All OA Standard, not L&I

Computer Associates Groundworks All OA Standard, not L&I

RETIRE

Technology Platforms Comments

IBM Rational Rose XDE Modeler Windows Retire by 12/31/07

IBM Rational Rose XDE Developer for Java Windows Retire by 12/31/07

IBM Rational Rose Developer XDE for Visual Studio Windows Retire by 12/31/07

Oracle Designer All OA Standard, not L&I Retire by 12/31/2005

EMERGING / RESEARCH

Technology Platforms Comments

Microsoft Visio 2010 Windows

The most current OA-OIT Application Domain Standards for Development Tools – Requirements, Data and Object Modeling are available at Appendix.

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-14-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Messaging

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

MPKI for SSL

HTTP & HTTPS

SMTP

XML

Namespaces in XML

XML Information Set

SOAP

WS-Addressing

MTOM

WS-Eventing

WS-ReliableMessaging

Web Services Security SOAP Message Security

Web Services Security UsernameToken Profile

Web Services Security X.509 Certificate Token Profile

WS-SecurityPolicy

WS-Trust

WS-SecureConversation

WS-Federation

WS-Federation Active Requestor Profile

WS-Federation Passive Requestor Profile

Web Services Security Kerberos Binding

WS-Coordination

WSDL

UDDI

WS-Policy

WS-PolicyAssertions

WS-PolicyAttachment

WS-Discovery

WS-MetadataExchange

WS-BusinessActivity

WS-AtomicTransaction

CONTAIN

Technology Platforms Comments

CORBA All

Microsoft COM/COM+ All

Microsoft ActiveX All

Microsoft DCOM All

RETIRE

Technology Platforms Comments

Oracle CASE*Method All OA Standard, not L&I

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Report Development

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Business Objects Enterprise/Crystal Reports Windows, AIX L&I Standard, not OA

SAS Windows L&I Standard, not OA

Microsoft SQL Server Reporting Services Windows

CONTAIN

Technology Platforms Comments

Oracle Reports All L&I Standard, not OA

RETIRE

Technology Platforms Comments

CA - Easytrieve Z / OS L&I Standard, not OA

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Report Distribution

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Cypress Report Distribution Manager Windows L&I Standard, not OA

Business Objects Enterprise Windows, AIX L&I Standard, not OA

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Help

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Adobe RoboHelp Windows L&I Standard, not OA

Oracle UPK Pro 6.2 (previously Ondemand) Windows L&I Standard, not OA

CONTAIN

Technology Platforms Comments

ComponentOne Doc To Help Windows L&I Standard, not OA

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – Rules Engines

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Corticon

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development

Technology: Development Tools – SOA Registry and Repository

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

CentraSite ActiveSOA

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-14-2010

Domain: Application

Discipline: Application Development

Technology: Web Information Servers

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Microsoft Internet Information Server (IIS) 7.0 Windows

IBM HTTP Server Windows/AIX/Solaris

Apache Web Server Windows/AIX/Solaris

CONTAIN

Technology Platforms Comments

Oracle HTTP Server 10g All

Microsoft Internet Information Server 5.x All

Microsoft Internet Information Server (IIS) 6.0

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Microsoft Internet Information Server (IIS) 7.5

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-14-2010

Domain: Application

Discipline: Application Development

Technology: Web Application Servers

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Microsoft Internet Information Server (IIS) 7.0 Windows

Oracle WebLogic Application Server Windows/AIX/Solaris

IBM WebSphere Application Server All

JBoss Application Server All

Apache Tomcat All

SAP NetWeaver Application Server1 All

CONTAIN

Technology Platforms Comments

Sun Microsystems Java System Application Server All

Oracle Application Server 10g All

Microsoft Internet Information Server 5.x All

Microsoft Internet Information Server (IIS) 6.0

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Microsoft Internet Information Server (IIS) 7.5

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: User Interaction

Technology: Portal

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Oracle WebCenter1 All

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

DSF Version 2.2.03p3 Windows 12/2009

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development Management

Technology: Management Tools – Requirements Definition Lifecycle

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Requirements Center (Blueprint) Windows L&I Standard, not OA

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development Management

Technology: Management Tools – Requirements Management

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

HP Quality Center Windows

Microsoft Team Foundation Server 2008 Windows

CONTAIN

Technology Platforms Comments

IBM/Rational Unified Process Windows L&I Standard, not OA

IBM / Rational RequisitePro Windows

Borland Caliber-RM All OA Standard, not L&I

Telelogic DOORS All OA Standard, not L&I

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

The most current OA-OIT Application Domain Standards for Management Tools – Requirements Management are available at Appendix.

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development Management

Technology: Management Tools – Software Configuration Management

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Microsoft Team Foundation Server 2008 (TFS 2008) Windows

CONTAIN

Technology Platforms Comments

Microsoft Visual SourceSafe Windows

IBM / Rational ClearCase Windows, AIX, Solaris

IBM Rational ClearCase LT All

IBM Rational ClearCase Multisite All

RETIRE

Technology Platforms Comments

PVCS All L&I Standard, not OA Retire by 12/31/2007

EMERGING / RESEARCH

Technology Platforms Comments

The most current OA-OIT Application Domain Standards for Management Tools – Software Configuration Management are available at Appendix.

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Application

Discipline: Application Development Management

Technology: Management Tools – Software Change Management

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Endevor Z / OS L&I Standard, not OA

HP Quality Center Windows

CONTAIN

Technology Platforms Comments

IBM / Rational ClearQuest Windows, AIX, Solaris

IBM Rational ClearQuest Multisite All

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

The most current OA-OIT Application Domain Standards for Management Tools – Software Change Management are available at Appendix.

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-16-2010

Domain: Application

Discipline: Application Development

Technology: Management Tools – Job Scheduler

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Dollar Universe Windows, AIX L&I Standard, not OA

Tivoli Workload Scheduler (TWS) IBM Mainframe

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING/RESEARCH

Technology Platforms Comments

Information and Integration Standards

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Information and Integration

Discipline:

Abstract

The purpose of our committee is to gather information about the current database systems and database management tools used at L&I. From that information, we are to recommend standards for future database development that will be used by all bureaus within the department.

Standards

General

Refresh Schedule

All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I–OIT Standards Committee.

Exemption from these standards

In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an 'Enterprise Standards Waiver Request' form must be submitted via e-mail to: L&I Software Review Committee.

For additional information, please refer to the Appendix.

Questions

Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Information and Integration

Discipline Data Management

Technology Relational DBMS

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

MS SQL Server 2008 Windows

IBM DB2/400 v5.3 AS/400

Oracle 11g R2 Windows, AIX

CONTAIN

Technology Platforms Comments

IBM DB2/400 AS/400

IBM DB2 UDB v7.2, v8.1, v8.2 Mainframe, Windows, AIX

IBM DB2 v7.2 Mainframe, Windows, AIX

Sybase Adaptive Server Enterprise 15 AIX

MS SQL Server 2005 Management Studio v9.00.1399 Windows

IBM DB2 UDB v9 AIX

Oracle 10g, 11g R1 Windows, AIX

RETIRE

Technology Platforms Comments

MS SQL Server 2000 Windows

Sybase Adaptive Server Enterprise 12.5.0.3 AIX

Oracle 9i and earlier Windows, AIX

EMERGING / RESEARCH

Technology Platforms Comments

SQL Server 2008 R2 (SQL Server 2010) Windows

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Information and Integration

Discipline Data Management

Technology Data & Database Modeling Tools

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Embarcadero ER/Studio 8.0.1 AIX

Erwin Data Modeler v4.1.2208, v4.1.4.4224 Windows

Visio Enterprise Architect OA Standard

CONTAIN

Technology Platforms Comments

Select SE Data Modeler Desktop, Windows 2000

Erwin Data Modeler R7.1.0.1075 Windows

Rational Rose Data Modeler

Oracle Designer Oracle

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Embarcadero ER/Studio 8.1.3 Desktop, Windows 2000

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Information and Integration

Discipline Data Management

Technology Database Administration Tools

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Embarcadero Technologies DBArtisan v8

Quest Software Toad XPERT with DBA Module V9.0 Windows

Hummingbird Exceed AIX

CONTAIN

Technology Platforms Comments

Embarcadero Technologies DBArtisan 8.0.1 Desktop, Windows 2000

Embarcadero Technologies DBArtisan v8.1.2 Windows

Rational Rose

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Quest Software Toad Suite w/DBA Module Windows

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-16-2010

Domain: Information and Integration

Discipline Messaging

Technology Message Oriented Middleware

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

webMethods All

CONTAIN

Technology Platforms Comments

IBM WebSphere MQ v6.0 All

RETIRE

Technology Platforms Comments

IBM MQ Series v5.3 and prior All

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 09-12-2007

Date Revised: 07-08-2010

Domain: Information and Integration

Discipline File Transfer Protocol

Technology FTP Clients

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

WS_FTP Pro Windows

Tumbleweed Windows, AIX, Linux, Solaris

MOVEit Windows

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 05-11-2010

Date Revised: 07-16-2010

Domain: Information and Integration

Discipline Electronic Documents

Technology Electronic Document Management

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

FileNet P8 All

CONTAIN

Technology Platforms Comments

OnBase

IBM Content Manager

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Network Standards

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network Infrastructure

Discipline:

Abstract

Network Infrastructure provides the transport path between applications and users.

Standards

General

Refresh Schedule

All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I–OIT Standards Committee.

Exemption from these standards

In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an 'Enterprise Standards Waiver Request' form must be submitted via e-mail to: L&I Software Review Committee.

For additional information, see the Appendix.

Questions

Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Physical Network

Technology Local Area Network (LAN) Physical Infrastructure (Layer 1)

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Category 6 UTP, RJ-45

Multimode, Single Mode Fiber, ST, SC, LC

CONTAIN

Technology Platforms Comments

Category 5e UTP, RJ-45

RETIRE

Technology Platforms Comments

Type 1 STP, RJ-45

EMERGING / RESEARCH

Technology Platforms Comments

RF, wireless Access points to edge network devices

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Physical Network

Technology Wide Area Network (WAN) Physical Infrastructure (Layer 1)

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Category 5e UTP, RJ-48

Multimode Fiber, SC, LC

Coaxial RG-59U, BNC

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Protocols

Technology Local Area Network (LAN) Layer 2 Protocols

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

FastEthernet, Gigabit Ethernet Core, distribution and access layers

CONTAIN

Technology Platforms Comments

ATM Core, distribution and access layers

LANE Cisco, IBM

SNA Cisco, IBM, CNT

RETIRE

Technology Platforms Comments

Token Ring Access layer

EMERGING / RESEARCH

Technology Platforms Comments

Wireless – 802.11i (WPA2) Access points to edge devices

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Protocols

Technology Wide Area Network (WAN) Layer 2 Protocols

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Frame Relay, ATM Cisco, Provider

SONET Provider

DSL, Cable Provider Broadband

Site to Site VPN Checkpoint, Cisco

CONTAIN

Technology Platforms Comments

LLC2 Cisco

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Metro-Ethernet Variable

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Protocols

Technology Local Area Network (LAN) Layer 3 & 4 Protocols

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

TCP/IPv4 Core, distribution and access layers

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

TCP/IPv6 Core, distribution and access layers

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Services

Technology Routing

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Vendor Cisco

Routing Protocols EIGRP, OSPF, MPLS, RIPv2

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

Vendor IBM

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Services

Technology Switching

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Vendor Cisco

Switching Standards ARPA, 802.1D, 802.1Q, ISL, 802.1X, 802.3ad, MPLS

CONTAIN

Technology Platforms Comments

Vendor IBM

Standards ATM, UNI, NNI

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Switchport Security 802.1X

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Services

Technology Concentrator/Hub

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

Token Ring IBM MAU

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Services

Technology Bridging

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

DLSw (SNA to IP) Cisco

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Services

Technology Adapter Cards

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Ethernet 100/1000 Mbps

CONTAIN

Technology Platforms Comments

Ethernet 10 Mbps

ATM 25/155 Mbps

RETIRE

Technology Platforms Comments

Token Ring 16/4 Mbps

EMERGING / RESEARCH

Technology Platforms Comments

Carrier Wireless LAN Cisco

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Management

Technology Modems

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

All V.34, V.42, V.90

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Services

Technology Remote Access Methods and Technology

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Dial-Up RADIUS Secure ID OA Policy

VPN Juniper SSL VPN Appliance OA Policy

FireWall Juniper Firewalls OA Policy

CONTAIN

Technology Platforms Comments

VPN Cisco, CheckPoint OA Policy

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Text from the Verizon Transition Review of OA ITB's

Verizon Review of the COPA Security ITB’s

Recommendations for changes/enhancements resulting from our solution:

STD NET006A – Needs to be updated to include the Juniper SSL VPN Appliance as well as the Juniper Firewalls.

ITB NET006 - The section on split tunneling should be reviewed to ensure that it is in keeping with current requirements and the endpoint defense capabilities provided in the new solution. The section on two factor authentication should be reviewed and updated as necessary to fit the current plan for authentication.

STD-SEC011A should be updated to include the Juniper Firewalls as meeting the COPA requirements or provide a waiver for our use of the Juniper Firewalls.

ITB-SEC003 will need to be re-written as it directs each agency to deploy content filtering. This will no longer be needed as the filtering will be accomplished at the enterprise level.

STD SEC003A will need to be rewritten as it lists SurfControl as the content filtering solution and Blue Coat as not recommended.

BPD-SEC003B will need to be revised as it requires content filtering at the agency level and lists SurfControl as the required product.

OPD-SEC003C should be reviewed by CoPA security as it lists only a few categories; COPA may want to add additional categories to the list.

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Management

Technology Network Diagram Technologies

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Network layers 1 Visio 2007, Autocad L&I Standards

Network layers 2, 3, and 4 Visio 2007

CONTAIN

Technology Platforms Comments

Network layers 1 Visio 2003, Autocad L&I Standards

Network layers 2, 3, and 4 Visio 2003

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Services

Technology Instant Messaging

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Omnipod All OA Waiver needed

Note: In compliance with OA ITB/directives, no other technology is listed here

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Network

Discipline Network Management

Technology Network Management Tools

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

IBM Tivoli Network Management Suite: 1. Tivoli Netview v7.1.5 2. Tivoli Risk Mgr v4.2 AIX, Linux, Windows

Cisco LMS AIX, Linux, Windows

NetView, Syslog Event Logging AIX, Linux, Windows

Network General Protocol Analyzer Windows, Linux

Solar Winds Network Monitoring Windows

MRTG Bandwidth Utilization Windows, Linux

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Network Security GFI LANGuard, Nessus

NetFlow All

Platform Standards

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Abstract

Platforms provide the physical hardware to run applications in both a local and distributed environment. The Platform Domain also encompasses enterprise software running on both desktops and servers.

Standards

General

Refresh Schedule

All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I–OIT Standards Committee.

Exemption from these standards

In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an 'Enterprise Standards Waiver Request' form must be submitted via e-mail to: L&I Software Review Committee.

For additional information, see the Appendix.

Questions

Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline Infrastructure

Technology PC Hardware

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Desktop, Standard Version

The Commonwealth of Pa currently has purchasing contract number 5850-01 in place with Dell. Please refer to http://www1.us.dell.com/content/ for current available PC configurations.

Desktop, High End Version

Laptop, Standard

Laptop, High End

CONTAIN

Technology Platforms Comments

Intel Pentium III Based Systems

Varies

RETIRE

Technology Platforms Comments

Intel Pentium II Based Systems

Varies

L&I Enterprise Standards

77

EMERGING / RESEARCH

Technology Platforms Comments

64 Bit CPUs Intel and AMD

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Technology: PC Operating System

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Windows XP; SP 3 | Desktops, Laptops |

CONTAIN

Technology | Platforms | Comments

RETIRE

Technology | Platforms | Comments
Windows 2000; SP 4 | Desktops, Laptops |

EMERGING / RESEARCH

Technology | Platforms | Comments
Windows 7 | Desktops, Laptops |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Technology: PC Enterprise Software

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
MS Office 2007; SP2 | Desktops, Laptops |
Microsoft Internet Explorer 7.0 | Desktops, Laptops |
MS OneNote 2007 | Desktops, Laptops |
IBM Personal Communications 5.0 | Desktops, Laptops |
IBM Iseries Access for Windows Workstation 5.3 | Desktops, Laptops |
SafeBoot V5.1.2.0 | Desktops, Laptops | DLI loading on laptops only for now, while resolving licensing issues
MS Visio 2007 | Desktops, Laptops |
MS Project 2007 | Desktops, Laptops |

CONTAIN

Technology | Platforms | Comments
MS Visio 2003 | Desktops, Laptops |
MS Project 2003 | Desktops, Laptops |
MS Office 2002; SP3 | Desktops, Laptops |

RETIRE

Technology | Platforms | Comments
Windows 2000 | Desktops, Laptops |
MS Office 2000 | Desktops, Laptops |
Microsoft Internet Explorer 6.0 | Desktops, Laptops |

EMERGING / RESEARCH

Technology | Platforms | Comments
Office 2010 | Desktops, Laptops |
Microsoft Internet Explorer 8.0 | Desktops, Laptops |
Mozilla Firefox browser | Desktops, Laptops | DLI Waiver required for installation of this software

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Technology: Intel Server Hardware

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Small Server | IBM x3650 M3 | Intel Xeon 4 to 6 Core x64
Medium Server | IBM x3850 x5, x3755 | Intel Xeon 4 to 8 Core x64
Large Server | IBM x3950 x5 | Intel Xeon 4 to 8 Core x64

CONTAIN

Technology | Platforms | Comments
Intel PIV Based Systems | x3650, x3850, x3950 |
Blade Server | IBM BladeCenter H |

RETIRE

Technology | Platforms | Comments
Intel PIV Based Systems | x345, x346, x365, x366, x445, x460 |
Intel Pentium III Based Systems | All |
Intel Pentium II Based Systems | Varies |
Intel PIV Based Systems | x440, x360 |
Dell Servers | All |
Intel Pentium I Based Systems | All |

EMERGING / RESEARCH

Technology | Platforms | Comments
Intel PIV Based Systems | Intel Xeon 8+ Core |
64 Bit CPUs | Intel, AMD |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Technology: Intel Server Operating System

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Microsoft Windows 2008 Enterprise Edition; SP2 | Windows Servers | 32 or 64 Bit
Microsoft Windows 2008 Standard Edition; SP2 | Windows Servers | 32 or 64 Bit
Microsoft Windows 2008 Enterprise Edition R2 | Windows Servers | 64 Bit
Microsoft Windows 2008 Standard Edition R2 | Windows Servers | 64 Bit

CONTAIN

Technology | Platforms | Comments
Microsoft Windows 2003 Enterprise Edition; SP2 | Windows Servers | 32 or 64 Bit
Microsoft Windows 2003 Enterprise Edition R2 | Windows Server | 32 or 64 Bit

RETIRE

Technology | Platforms | Comments
Windows NT 4.0 | Windows Servers |
Microsoft Windows 2000 Advanced Server | Windows Servers |

EMERGING / RESEARCH

Technology | Platforms | Comments
Microsoft Windows 8 Enterprise Edition R2; SP2 | Windows Servers | 32 Bit or 64

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Technology: UNIX Server Hardware

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Medium Server | IBM P 7 Servers |
Large Server | IBM P780 |

CONTAIN

Technology | Platforms | Comments
Small Server | 7026 | Legacy Field Office servers
Small Server | 7028-6E1 | Legacy Field Office servers
Small Server | 7029 | Legacy Field Office servers
Medium Server | IBM P520 |
Large Server | IBM P570 |

RETIRE

Technology | Platforms | Comments
Small Server | 7025-F50 |

EMERGING / RESEARCH

Technology | Platforms | Comments
Processor | Power 8 servers |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Technology: UNIX Server Operating System

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
AIX 6.1.4 | AIX Servers |
Red Hat Enterprise 5.4 | Linux Servers |
Red Hat Enterprise 5.4 Advanced | Linux Servers |

CONTAIN

Technology | Platforms | Comments
AIX 5.3, 6.1.3 or below | AIX Servers |
Red Hat Enterprise 4.x | Linux Servers |

RETIRE

Technology | Platforms | Comments
AIX 5.2.x | AIX Servers |
Red Hat Enterprise 3.x | Linux Servers |

EMERGING / RESEARCH

Technology | Platforms | Comments
AIX 7.x | AIX Servers |
Red Hat 6.x | Linux Servers |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Technology: Server Enterprise Software

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
IBM Tivoli Monitoring Suite: 1. ITM v6.2.1; 2. ITM for Databases v6.1/6.2; 3. ITCAM for RTT v7.1; 4. TDW v2.1; 5. TEC v3.9; 6. Tivoli Framework v4.1.1; 7. Alignsync Alarmpoint v4.1 | AIX and Windows Servers |
IBM Tivoli Storage Manager 5.4 | AIX and Windows Servers |
IBM Director 6.x | Windows Servers |
SCCM 2007 SP2 | Windows Servers |

CONTAIN

Technology | Platforms | Comments
IBM Tivoli Monitoring Suite: 1. ITM v6.2; 2. ITM for Databases v6.1; 3. ITCAM for RTT v6.1; 4. Alignsync Alarmpoint v3.2 and v4.0 | AIX and Windows Servers |
ITM v5.1 | AIX and Windows Servers |
ITM for Databases v5.1 | AIX and Windows Servers |
TMTP v5.1 | AIX and Windows Servers |
TEDW v5.1.2 | AIX and Windows Servers |

RETIRE

Technology | Platforms | Comments
IBM Director | Windows Servers | V5 and lower
SMS | Windows Servers | 2.0, 1.2
Microsoft Systems Management Server 2003 | Windows Servers |

EMERGING / RESEARCH

Technology | Platforms | Comments
System Center Configuration Manager 2007 + | Windows Servers |
ITM v6.2 | AIX and Windows Servers |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 06-4-2007

Date Revised: 07-16-2010

Domain: Platform

Discipline: Infrastructure

Technology: Virtual Server Technology

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
VMware ESX Server 4.x | Windows & Linux Servers |
VMware ESXi 4 | Windows & Linux Servers |
VMware Virtual Infrastructure Enterprise 4.x | Windows & Linux Servers |
VMware VCenter 4 | Windows Servers |
VMware Workstation 6.0 & 6.5 | Workstations running Linux or Windows OS |
MS Virtual PC 2007 | Workstations running Windows only |
AIX Power 7 | AIX LPARs |

CONTAIN

Technology | Platforms | Comments
VMware ESX Server 2.x | Windows Servers | L&I, Treasury Only
VMware VirtualCenter 1.x | Windows Servers | L&I, Treasury Only
MS Virtual PC 2004 | Workstations running Windows only | Test & Development only
VMware Workstation 5.5; VMware Workstation 6.0 | Workstations running Linux or Windows OS | Test & Development only
AIX 5, 6 | AIX LPARs |

RETIRE

Technology | Platforms | Comments
VMware ESX Server 3.x | Windows Servers |
VMware Virtual Infrastructure Enterprise 3.x | Windows Servers |
VMware VirtualCenter 2.x | Windows Servers |

EMERGING / RESEARCH

Technology | Platforms | Comments
VMware ESXi 5 | Windows & Linux Servers |
AIX Power 8 | AIX LPARs |
VMware VC 5 | Windows Servers |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 02-20-2007

Date Revised: 07-16-2010

Domain: Platform

Discipline: Infrastructure

Technology: Storage Area Network

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
IBM DS 8000 Family | AIX and Windows Servers | 146GB and 300GB drives
IBM XIV | AIX and Windows Servers | 1 TB SATA drives

CONTAIN

Technology | Platforms | Comments

RETIRE

Technology | Platforms | Comments
IBM Shark 800 | AIX and Windows Servers |

EMERGING / RESEARCH

Technology | Platforms | Comments
XIV | AIX and Windows Servers | FC and Solid State Drives

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 06-4-2007

Date Revised: 07-16-2010

Domain: Platform

Discipline: Infrastructure

Technology: Storage Area Network Fabric Switches

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Cisco SAN Switch - MDS-C9513 | All |

CONTAIN

Technology | Platforms | Comments

RETIRE

Technology | Platforms | Comments
Inrange SAN Switches | All |

EMERGING / RESEARCH

Technology | Platforms | Comments
IBM/Cisco 9500 | All |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 6/7/2007

Date Revised: 07-16-2010

Domain: Platform

Discipline: Infrastructure

Technology: Network Printing

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Network B&W Printer | Lexmark T644DN |
Network Color Printer | HP Color Laser 3800DN |

CONTAIN

Technology | Platforms | Comments

Duplex functionality

Secure Print (requires internal hard drive)

128MB Ram B&W

256 MB Ram Color

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Platform

Discipline: Infrastructure

Technology: Backup/Recovery Storage - Tape

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
IBM 3494 Tape Library | AIX and Windows Servers |
IBM 3584 Tape Library | AIX and Windows Servers |

CONTAIN

Technology | Platforms | Comments

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments

Project Management Standards

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-13-2010

Domain: Enterprise Project Management Methodology (EPMM)

Discipline: MS desktop solution until CWOPA standard is selected

Abstract

The OA/OIT Project Management Domain Team defined a solution, standard and methodology for EPMM including project prioritization/project management and portfolio management. The product selected by this team is Clarity, which permits the use of MS Project for the creation of a project plan with no associated resources. L&I only uses Clarity for submission of Community of Practice proposals and has a very limited number of Clarity licenses.

Standards

August 25, 2004 – Enterprise Project Management Framework, signed by Art Stephens, can be found by going to the following link and selecting Enterprise Project Management Framework 08/25/2004 in the 'Memos' link.

For additional information see the Appendix.

General

DLI-OIT's Project Management Office (PMO) developed a project management methodology (PMM) for use by all areas of OIT. The methodology breaks the project management life cycle into five phases consisting of project strategy, initiation, planning, execution/control (including the software development life cycle) and closeout. MS Office-based templates have been created for use with most of the tasks associated with each of the PMM phases and should be used for all projects as appropriate. The PMO has issued recommendations regarding which standard project management templates and tasks should be required and recommended for the various types and sizes of projects. A standard project management approach will enable OIT to engage in more organized and efficient IT projects involving more accurate budgets and schedules than were available prior to the introduction of the project management methodology.

Refresh Schedule

All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I-OIT Standards Committee.

Exemption from these standards

In the event of a need for an exemption, for reasons such as the need to comply with requirements for a federally mandated system, an 'Enterprise Standards Waiver Request' form must be submitted via e-mail to: L&I Software Review Committee.

For additional information see the Appendix.

Questions

Questions regarding this general standard statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 02-20-2007

Date Revised: 07-16-2010

Domain: Enterprise Project Management Methodology

Discipline: Project Management Methodology

Technology: MS Project, MS Project Viewer, Clarity

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
L&I PMM | Desktops |
MS Project 2007 | Desktops |
MS Project Viewer | Desktops |

CONTAIN

Technology | Platforms | Comments
MS Project 2003 | Desktops |

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments
Open Workbench | Desktops |
Clarity 7.5.3 | Servers |
Clarity 8 | Servers |

Security Standards

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline:

Abstract

In order to provide and maintain an IT processing environment that assures the integrity, confidentiality, and availability of information for the customers of the Department of Labor & Industry, there needs to be an agreed-upon and enforceable set of IT security standards. These standards are to be compliant with all existing Commonwealth standards issued by the OA. Additionally, any requirements mandated by the Federal government, as communicated by annual external audit findings, must also be adhered to. Also, in conjunction with existing OA standards, other industry security standards, such as those from the National Institute of Standards and Technology (NIST) and the British Standard, BS 7799 (also known as IS 17799), are to be incorporated as needed.

The IT categories that will be reviewed include: Operating Systems, Applications, Database, and Network.

Guiding Points

What is information security?

Information security is the process of protecting data from accidental or intentional misuse by persons inside or outside of an organization, including employees and consultants. A security breach can involve anything from a computer virus, to an employee who inadvertently discloses his password, to a former employee or consultant who sabotages a customer database.

Information security is always about balancing the risks versus the rewards of doing business electronically.

Information security should be modeled by a holistic security architecture. A holistic security architecture means integrating security into the life cycle of the system/resource to be protected. It shouldn't be just an add-on in response to an immediate security breach. Security should be implemented as part of an ongoing proactive security posture.

Any security methodology should incorporate the following principles:

Least privilege - a user is given the minimum access, and nothing more, needed to perform only the specific tasks required for that employee to fulfill their job duties.

Separation of Duties - access must be structured to permit functions to be given individually to different users, if necessary, and not universally available.

To satisfy the needs of a robust security architecture, there are certain standard security services that are always needed: authentication, authorization, auditing (which includes logging facilities), and intrusion detection.

Standards

Identification and Authentication of Users on New L&I Computer Systems C-301 (Rev June 21, 2010)

L&I Network Security Policy & Standards – July 7th, 2010

L&I Network Security Architecture design – May 13, 2003

Domain Security and Audit Policies (DRAFT) May 5, 2005

Application Access Control C-306 - July 10, 2007

Data Encryption Standards C-320 – February 12, 2009

Information Technology Asset Restrictions Policy C-330 – February 12, 2009

General

Operating Systems Operational Standards | Rationale
Users are responsible for activities performed under their personal id. Users must set their own passwords. | OA ITB SEC007
Users must log off and/or secure workstations when not in use. | OA ITB SEC007
Systems must have the ability to identify what user IDs are currently logged on to that system and must provide an audit trail of user activities. | Ensures user auditability
Passwords must be comprised of a minimum of eight (8) alphanumeric characters and must include characters from at least three of the four categories used for CWOPA password authentication. | Character selection is compatible with CWOPA requirements. Provides optimum protection concerning password cracking.
CWOPA Passwords are to be changed every 60 days. They may not be changed more than once every fifteen (15) days. | OA ITB SEC007
Password files should be non-retrievable (only accessible to the security administrator, not viewed by the user). | OA ITB SEC007
Encrypt passwords during storage and during transmission over networks. | Commonly accepted security practice - assures confidentiality of password.
Passwords should be stored in a confidential manner. This includes hardcopy or as data on any electronic format. | Commonly accepted security practice - assures confidentiality of password

Identify and reset vendor supplied default passwords before the information system is used in a production mode. | OA ITB SEC007
Document and control user IDs and passwords with special privileges. | Satisfies GAAP audit requirements.
Do not embed or hard-code passwords into an information system. | OA ITB SEC007
Uniquely identify each user to a system with an id that is associated only with that user. | Office of Administration (OA) Information Technology Bulletin (ITB) SEC007
Each employee who requires a user ID is to have only one user ID unless approved in writing by the security administrator. | Ensures user auditability and stability of user security administration.
Authenticate users before allowing them to perform any activities. | OA ITB SEC007
Enable time-out features after a specific period of time, preferably for 15-30 minutes of inactivity. | OA ITB SEC007
Limit unsuccessful logon attempts. Temporarily lock out the user id when three (3) unsuccessful attempts are reached. | OA ITB SEC007
Maintain audit logs that capture information on password logins and attempted logins. | Identifies denial of service attacks and user sign-on problem areas.
Limit display to necessary information such as the user id and password prompts during the logon process. | OA ITB SEC007
Do not display passwords on screens in clear-text during the logon or other processes. | OA ITB SEC007

While this may not be feasible in all situations, it is recommended that after a user has successfully completed the identification process, the user receive display information such as prior logon history to enable the user to verify prior logons. | Facilitates ongoing security awareness, i.e. this helps individual users detect whether someone else has illicitly obtained his or her password.
Permit only authorized security administration staff to enable and/or re-enable a user id. | Ensures integrity of userid password methodology and satisfies external audit requirements.
A Banner page Disclaimer addressing responsibilities relative to the use of the password, Commonwealth information accessed, and equipment used (PCs or other information technology equipment) must be included and viewable by each user prior to Logon. | OA ITB SEC007; Management Directive 205.34
Users are prohibited from logging into the system anonymously (for example, by using "guest" user IDs). | OA ITB SEC007
Reference OIT Policy C-301-Identification and Authentication of Users on New L&I Computer Systems (Rev 2010) for additional standards for Business Entity Users and Public Users. |

Application Operational Standards | Rationale
Applications will utilize the L&I Standard for Role Based Security (Computer Associates SiteMinder/Identity Manager suite) for Identity and Access Management (IAM). | Authenticity of individual users is critical to the overall integrity of the application.
Applications should log user access attempts, and maintain audit records of activity that can be traced to individual users. Access to these audit records should be restricted to a limited number of security officers. Applications should also log the use of security override functions and administrator changes to security databases. | Promotes user auditability and stability of user security administration.
Administrative users should not be granted universal access unless required to perform extensive, daily reviews of application logs and audit records. | Separation of duties is essential to maintaining confidentiality and integrity of application data.
An authorization framework should be implemented for direct access to application resources. This will be Role-Based Access Control through the L&I IAM standard. The framework must provide for both technical and administrative access control. | Ensuring the authenticity of users and related access can facilitate high application availability.
The number of roles should be limited, and a risk analysis should be conducted to confirm that each role represents an adequate separation of duties and has access to the appropriate level of sensitive and confidential information. | Management Directive 205.37, Role Assignment, Security and Internal Control Maintenance.

"The Principle of Least Privilege" should be used as a guideline for defining user and role access. That is, users should be given the minimum level of access necessary to perform the work required of them, and should be unable to access any application resource before access is specifically granted by a designated security officer. | Essential to maintaining confidentiality and integrity of application data.
Applications should implement a sufficient level of action granularity for each transaction (such as "Add", "Update", "Delete" and "Display"), to facilitate adherence to the "Least Privilege" concept. | Essential to maintaining confidentiality and integrity of application data.
Sample scripts should be removed from Production servers. | Reduces potential for access by unauthorized user.
Utilize SSL (Secure Sockets Layer) protocol to encrypt sensitive application data. All critical/confidential data must be encrypted in transit as well as at rest as specified in OA & L&I IT Security Policies. | Essential to maintaining confidentiality, integrity, and availability of sensitive application data. OA ITB SEC031; OA ITB SEC020; L&I C-320
Placement of sensitive data in temporary directories or access logs should be limited. | Essential to maintaining confidentiality, integrity, and availability of sensitive application data.

Database Operational Standards | Rationale
Database audit controls should include the creation of audit records at the application, database and operating system levels. | Ensures user auditability.
Controls should be implemented to assure that application, database and system audit records cannot be modified and that data cannot be accessed once deleted. | Contributes to integrity of data & audit trail.
Database change controls should include the requirement that all database changes be formally documented and attributable to a specific individual. | Contributes to integrity of data & audit trail.
Access to extremely sensitive data should be sufficiently granular to minimize the data accessible by any one individual. | Facilitates 'Separation of Duties'
Redundant data should be limited. | Contributes to integrity of data
Unused stored procedures should be deleted | Contributes to availability of data

Network Operational Standards | Rationale
Reference L&I Network Security Policy & Standards document (July 7th, 2010) & L&I Network Security Architecture Design document (May 13, 2003) |

Refresh Schedule

All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I-OIT Standards Committee.

Exemption from these standards

In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an 'Enterprise Standards Waiver Request' form must be submitted via e-mail to: L&I Software Review Committee.

For additional information see the Appendix.

Questions

Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Host Security

Technology: Operating Systems

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
CWOPA Authentication | Windows |

CONTAIN

Technology | Platforms | Comments
RACF | IBM Mainframe (z/OS) |
IBM I Series Security | OS/400 |

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Enterprise Security

Technology: Applications

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
CWOPA Authentication | Windows |
CA SiteMinder/Identity Manager | All |

CONTAIN

Technology | Platforms | Comments
CIMS Security | |
PowerComp Security | AIX |
DSF-Ulogin | |
E-Tides security | |
Advantage Gen Security | IBM Mainframe (z/OS) |

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments
Tivoli Identity Manager | All |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Enterprise Security

Technology: Database

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

The security inherent to each operating system is utilized. Refer to the Relational Database Management Systems Domain.

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 02-4-2008

Date Revised: 07-08-2010

Domain: Security

Discipline: Enterprise Security

Technology: Incident Response

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Guidance Software EnCase v6 | Windows, Linux, Others |

CONTAIN

Technology | Platforms | Comments

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 09-4-2008

Date Revised: 07-08-2010

Domain: Security

Discipline: Enterprise Security

Technology: Security testing and assessment

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
HP Sitescope v 9.50 | Windows, Linux, Others | L&I Standard, not OA
HP Webinspect v 7.7.869 | Windows | L&I Standard, not OA
HP Devinspect v 5.1 | Windows | L&I Standard, not OA
HP QAInspect v 5.1 | Windows | L&I Standard, not OA

CONTAIN

Technology | Platforms | Comments

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments

Network Security Standards

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Network Security

Abstract

Network Security controls access between authorized users and applications.

Standards

Network Security is governed by a Network Security policy and associated standards and guidelines.

General

Security Architecture defines the Confidentiality, Integrity, and Availability (CIA) connectivity relationships between the users and information repositories.

Refresh Schedule

All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I-OIT Standards Committee.

Exemption from these standards

In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an 'Enterprise Standards Waiver Request' form must be submitted via e-mail to: L&I Software Review Committee.

For additional information see the Appendix.

Questions

Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Network Security

Technology: Architecture

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Multi-Zoned Security Model | 802.1q tagged network segmentation of network building blocks to security zones via firewall. (Checkpoint/Cisco) |

CONTAIN

Technology | Platforms | Comments
Dual Zone (inside/outside) Security Model | Checkpoint/Cisco |

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Network Security

Technology: Port Security

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments
Media Access Control for each PC connecting to L&I network is authorized and bound to its connecting switchport | Cisco Access Switches (2900 thru 450x); Lucent QIP (authorization) |

CONTAIN

Technology | Platforms | Comments

RETIRE

Technology | Platforms | Comments

EMERGING / RESEARCH

Technology | Platforms | Comments
Network Admission Control (NAC) | Cisco, McAfee |

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Network Security

Technology: Firewall Access Control

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

CheckPoint NG/AI Nokia IPSO

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

PIX Cisco

OPD-SEC034A, Enterprise Firewall Rule Set Configurations, identifies those services that are permitted. (obtain from Information Agency Security Officer)

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Network Security

Technology: Transport Control

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

CiscoSecure Access Control Systems (ACS) – control switch and router access

Cisco Secure ACS - runs on Windows technology

Lucent QIP 6.2 - controls user layer 3 network access (IP addressing via DHCP)

Lucent application - runs on Linux Redhat (QIPSYBASE)

CONTAIN

Technology Platforms Comments

Lucent QIP 5.2

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued:

Date Revised: 07-08-2010

Domain: Security

Discipline: Network Security

Technology: Intrusion Detection

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology Platforms Comments

Snort Analysis Control for Intrusion Detection (ACID)

Linux Redhat

CONTAIN

Technology Platforms Comments

RETIRE

Technology Platforms Comments

EMERGING / RESEARCH

Technology Platforms Comments

Systems Management

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 07-20-2010

Date Revised: 07-20-2010

Domain: Systems Management

Discipline: IT Service Management

Abstract

This document establishes enterprise-wide standards and guidance for Information Technology Service Management (ITSM) and its effective usage at Labor and Industry (L&I). The established ITSM standards provide guidance for procurement and support of assets, changes to network infrastructure, and delivery of service desk support. The ITSM Product and Platform Standards document provides guidance on the current ITSM product standards and the status of other ITSM solutions that are being used or are being considered for use.

For additional information, please refer to the Appendix.

Standards

These technologies meet the requirements of the current architecture and are recommended for use in developing and implementing ITSM applications that facilitate enterprise-wide interoperability and standardization.

For additional information, please refer to the Appendix.

General

This information applies to all Systems Management within Labor and Industry and establishes enterprise-wide product standards to support the management of IT Service Support (Incident & Problem Management, Change, Configuration & Release Management and Service Level Management) to reduce their total cost of ownership. All new ITSM projects are required to use the “Current Standard” product(s) as specified in the Appendix, to deliver this service support functionality.

This document, comprised of multiple sections, provides specific procedural information on the use of the standard ITSM product(s) for each of the primary ITSM functions listed below, as well as additional functionality.

• Asset Management
• Configuration Management
• Change Management
• Help Desk Problem Management
• Service Level Management
• Release Management

All new ITSM development projects are required to adhere to the operating standards presented in this document for the design and delivery of ITSM services. Existing production applications are encouraged to adopt these standards as well.

The main objectives of this policy are to:

• Standardize on ITSM applications that best meet current and future enterprise requirements.
• Increase opportunities to reuse developed ITSM applications, reduce duplication of efforts, and improve application interoperability.
• Increase opportunities for consolidation of like business processes.
• Provide for further standardization on developed ITSM applications.
• Leverage existing ITSM applications where appropriate.

A list of ITSM production and operational standards has been compiled and these standards have applicability across all current standard products and are required to be used for all ITSM application development efforts. If a specific standard applies only to mission-critical applications, it will be identified as such.

Definitions of Terms:

Asset Management - Process for the management of the physical inventory of the IT infrastructure. Management tasks include identification, control and verification of all IT infrastructure hardware, software, networks, maintenance contracts, warranty agreements, etc. to determine current IT capabilities and support. Provides a comprehensive solution to establish and enforce standard processes that identifies hardware and software asset costs, attributes, configurations, relationships and usage and manages such throughout the asset lifecycle. Asset management ensures availability of cost-effective and sustained levels of IT service to meet current business needs and ability to adequately plan future service level needs.

Action Request (AR) System - A flexible foundation for automating complex business processes. Built for adaptability in a continuously changing business environment, the AR System allows you to rapidly prototype, deploy, maintain and iterate for affordable, continuously optimized applications.

ITIL (Information Technology Infrastructure Library) – ITIL is a set of concepts and best practices for Information Technology Services Management (ITSM), IT development and IT operations. The most current version of ITIL is Version 3 and all Remedy applications from Version 7.5 and newer follow these concepts and best practices.

IT Service Management (ITSM) - a top-down, business driven approach to the management of IT that specifically addresses the strategic business value generated by the IT organization and the need to deliver a high quality IT service. IT Service Management is designed to focus on the people, processes and technology issues that IT organizations face. ITSM is used throughout ITIL Service Support and ITIL Service Delivery disciplines.

Incident Management - Process of rapid restoration of normal service following an event that is not part of standard service operations and that causes an interruption or reduces the quality of service.

Problem Management - Process of identifying and removing errors in the IT infrastructure and proactively preventing the recurrence of incidents. Problems are identified by analysis of incidents with common symptoms or analysis of a single significant event.

Change Management - Management of standardized methods, processes and procedures for the efficient and prompt handling of IT changes to minimize the impact of change related incidents on services.

Configuration Management - Process for the management of a logical model of the IT infrastructure. Management tasks include identification, control and verification of all Configuration Items and versions (hardware, software, applications, etc.).

Release Management - Process for management of all activities associated with a large, major or critical release of software or hardware, and associated documentation and training/communication plans.

Service Desk - Single Point of Contact for users in need of IT services and/or assistance (formerly known as the Help Desk).

Service Level Management - Process for management of ongoing service level agreement negotiations, monitoring, reporting and review, as well as implementation of actions to improve levels of service.

Refresh Schedule

All standards identified in this document are subject to review and possible revision annually or upon request by the L&I–OIT Standards Committee.

Exemption from these standards

In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an ‘Enterprise Standards Waiver Request’ form must be submitted via e-mail to: L&I Software Review Committee.

For additional information, please refer to the Appendix.

Questions

Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].

Issued by: L&I OIT Enterprise Standards Steering Committee

Date Issued: 07-20-2010

Date Revised: 07-20-2010

Domain: Systems Management

Discipline: IT Service Management

Technology IT Service Management (ITSM) Product and Platform Standards

Document Title:

Referenced by:

DLI/OIT Enterprise Standards

CURRENT STANDARDS

Technology | Platforms | Comments

Remedy Action Request System 7.6 | All | L&I Standard, not OA

Remedy Action Request System 7.5 | All | L&I Standard, not OA

CONTAIN

Technology | Platforms | Comments

Remedy Action Request System 7.1 | All | L&I Standard, not OA

RETIRE

Technology | Platforms | Comments

Remedy Action Request System 7.0 | All | L&I Standard, not OA

Remedy Action Request System 6.3 | All | OA Standard, not L&I

EMERGING / RESEARCH

Technology | Platforms | Comments

Remedy Action Request System 8.0 | All |

Appendix

‘Enterprise Standards Waiver Request’ form: Enterprise Standards Waiver Request

Memos: Enterprise Memos

Additional policies and standards that apply to agencies, boards and commissions under the Governor’s jurisdiction are listed below. They can be accessed through the following link:

OA ITB Index

Access Domain (ACC)

ITB-ACC001 - IT Accessibility Policy

Application Domain (APP)

ITB-APP001 - Business Solutions Center of Excellence (BSCoE)

ITB-APP002 - Web Server / Application Server Standards

ITB-APP003 - Search Technology Standards

ITB-APP004 - Collaboration Technology Standards, Issued

ITB-APP005 - Commonwealth of Pennsylvania Web Site Standards

ITB-APP006 - Addressing Solutions Standards, Issued

ITB-APP007 - Commonwealth of Pennsylvania External Web Site Linking Policy,

ITB-APP008 - Business Process Management Policy (BPM)

ITB-APP009 - Automatic Vehicle Location (AVL) Technology Standard

ITB-APP010 - Alerting and Notification Service Standards

ITB-APP011 - Application Development Languages

ITB-APP012 - Application Development Methodologies

ITB-APP013 - Integrated Development Environments

ITB-APP014 - Application Testing Tools Policy

ITB-APP015 - Web Development Frameworks

ITB-APP016 - Requirements, Data, and Object Modeling Tools

ITB-APP017 - Requirements Management Tools

ITB-APP018 - Software Configuration Management Tools

ITB-APP019 - Software Change Management Tools

ITB-APP020 - Open Source Software

ITB-APP021 - Forms Development Tools Policy

ITB-APP022 - Financial Applications Policy

ITB-APP023 - Human Resources Applications Policy,

ITB-APP024 - Supplier Relationship Management Applications Policy

ITB-APP025 - Customer Relationship Management Applications Policy

ITB-APP026 - Product Life Cycle Management Applications Policy

ITB-APP027 - Supply Chain Management Applications Policy

ITB-APP028 - Materials Management Applications Policy

ITB-APP029 - Portal Technology Standards

ITB-APP030 - Active Directory Architecture

ITB-APP031 - File Transfer Protocol (FTP) Policy

ITB-APP032 - Commonwealth of Pennsylvania Centralized E-Mail Policy

ITB-APP033 - Use of Freeware Policy

ITB-APP034 - Anti-Virus Technology Standards

ITB-APP035 - Internet Browser Policy

ITB-APP036 - Office Productivity Software Policy

ITB-APP037 - Document Viewer and Reader Policy

ITB-APP038 - SAP Graphical User Interface (GUI)

Business Domain (BUS)

ITB-BUS001 - Integrated Enterprise System SAP License Review

ITB-BUS002 - Transactions Fee Policy

ITB-BUS003 - Emergency Telework Policy

Information Domain (INF)

ITB-INF001 - Database Management Systems

ITB-INF002 - Metadata Standards

ITB-INF003 - Data Modeling Standards

ITB-INF004 - Data Warehouse Standards

ITB-INF005 - Mobile Data Standards

ITB-INF006 - Commonwealth County Code Standard

ITB-INF009 - e-Discovery Technology Standard

ITB-INF010 - Business Intelligence Policy

ITB-INF011 - Reporting Policy

ITB-INF012 - Dashboard Policy

ITB-INFGT001 - Geospatial Information Systems (GIS)

ITB-INFRM001 - The Life Cycle of Records: General Policy Statement

ITB-INFRM004 - Management of Web Records

ITB-INFRM005 - System Design Review of Electronic Systems

ITB-INFRM006 - Electronic Documents Management Systems

ITB-INFRM007 - Management of Electronic Information Created via Multi-Functional Devices or Other non-EDMS Desktop Scanners

Integration Domain (INT)

ITB-INT001 - Message Oriented Middleware

ITB-INT006 - Business Rules Engine

ITB-B.1 - Electronic Commerce Formats and Standards

ITB-B.2 - Electronic Commerce Interface Guidelines

Network Domain (NET)

ITB-NET001 - Wireless LAN Technology

ITB-NET002 - Network Router and Switch Technology Standards

ITB-NET003 - Enterprise Voice Communications

ITB-NET004 - Internet Protocol Address Standards

ITB-NET005 - Commonwealth Domain Naming Standards (DNS) and Configuration

ITB-NET007 - Capitol Complex Cable Television (CATV) Services

ITB-NET008 - Telecommunications Services for Commonwealth Business Partners

ITB-NET009 - Video Conferencing Services for the Commonwealth of PA

ITB-NET010 - Commonwealth of Pennsylvania Satellite Services & Equipment Policy

ITB-NET015 - Enterprise Network Maintenance Scheduling

ITB-NET016 - Wireless Cellular Data Technology

ITB-NET017 - Network Timing Protocol

ITB-NET018 - Internet Access

Platform Domain (PLT)

ITB-PLT001 - Desktop and Laptop Technology Standards

ITB-PLT004 - Statewide PC / Terminal Maintenance Contract

ITB-PLT005 - Intel Based Server Operating System Policy

ITB-PLT010 - CoPA Policy for the Management of Networked Printers and Multi-Function Equipment

ITB-PLT011 - Mobile Device Policy and Standards

ITB-PLT012 - Use of Privately Owned PCs to Access CoPA Resources

ITB-PLT015 - Office Class Printer Device Policy

ITB-PLT017 - Desktop and Laptop Operating System Standards

Privacy Domain (PRV)

ITB-PRV001 - Commonwealth of Pennsylvania Electronic Information Privacy Policy

ITB-PRV002 - Electronic Information Privacy Officer

Project Management Domain (EPM)

ITB-EPM001 - Integrated Project and Portfolio Management System (IPPMS)

ITB-EPM002 - Enterprise E-learning Solution

ITB-EPM003 - IT Procurement Review Process

ITB-EPM005 - Enterprise Learning Management System

Security Domain (SEC)

ITB-SEC001 - Enterprise Host Security Software Suite Standards and Policy

ITB-SEC002 - Internet Accessible Proxy Servers and Services

ITB-SEC003 - Enterprise Security Auditing and Monitoring - Internet Access Control and Content Filtering (IACCF) Standard

ITB-SEC004 - Enterprise Web Application Firewall

ITB-SEC005 - Commonwealth Application Certification and Accreditation

ITB-SEC006 - Commonwealth of Pennsylvania Electronic Signature Policy

ITB-SEC007 - Minimum Standards for User IDs and Passwords

ITB-SEC008 - Enterprise E-mail Encryption

ITB-SEC009 - Minimum Contractor Background Checks Policy

ITB-SEC010 - Virtual Private Network Standards

ITB-SEC011 - Enterprise Policy and Software Standards for Agency

ITB-SEC012 - Commonwealth of PA System Logon Banner Requirements Policy

ITB-SEC013 - Identity Protection and Access Management (IPAM) Architectural Standard - Identity Management Services

ITB-SEC014 - Identity Protection and Access Management (IPAM) Architectural Standard – Identity Management Technology Standards

ITB-SEC016 - Commonwealth of Pennsylvania – Information Security Officer Policy

ITB-SEC017 - CoPA Policy for Credit Card Use for e-Government Applications

ITB-SEC019 - Policy and Procedures for Protecting Commonwealth Electronic Data

ITB-SEC020 - Encryption Standards for Data at Rest

ITB-SEC021 - Security Information and Event Management Policy

ITB-SEC023 - Security Assessment and Testing Policy

ITB-SEC024 - IT Security Incident Reporting Policy

ITB-SEC027 - Standard for Electronic Postmarks

ITB-SEC029 - Minimum Standards for Improving Physical Security Access

ITB-SEC031 - Encryption Standards for Data in Transit

ITB-SEC034 - Enterprise Firewall Rule Set

Systems Management Domain (SYM)

ITB-SYM001 - Enterprise IT Service Management Standards

ITB-SYM003 - Off-Site Storage for Commonwealth Agencies

ITB-SYM004 - Policy for Establishing Alternate Processing Sites for Commonwealth Agencies

ITB-SYM006 - Desktop and Server Software Patching Policy

ITB-SYM007 - Guidelines for Deploying BlackBerry Devices in Commonwealth Agencies

ITB-SYM008 - Server Virtualization Policy

ITB-SYM009 - Commonwealth of Pennsylvania Data Cleansing Policy