Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
L&I Enterprise Standards
2
Revision History
Date Versio
n Description Author
1.0 Initial Creation
02-20-2007
1.1 Merged with OA Stds.
Standardized format of all sections
BEA/amh
05-15-2007 1.2 Removed standards related to the Development
Practices/BSCoE Standards from this document
and published “DRAFT_BSCoE
Development_Practices”
BEA/amh
06-14-2007 1.3 Updated with changes submitted by each domain
and consequently approved by the Enterprise
Standards Steering Committee.
BEA/amh
08-29-2007 1.4 Updated the links from old PA DSF developed site
to new AquaLogic OA Portal. This change
occurred after previous version was submitted for
review.
BEA/amh
09-12-2007 1.5 Added summary paragraph to the Preface in
accordance with Mary Benner‟s directive to specify
files external to the Comm of PA must be sent
FTP.
BEA/amh
Added link to OA Enterprise Standards to Preface. BEA/amh
Added new section to Information and Integration
Standards domain: FTP Clients.
BEA/amh
Added Mozilla Firefox browser to PC Enterprise
EMERGING section of the Platform Standards
domain with comments limiting its use to OIT web
application testing.
BEA/amh
Added SafeBoot to the PC Enterprise CURRENT
section of the Platform Standards domain.
BEA/amh
Added MS BitLocker to the PC Enterprise
EMERGING section of the Platform Standards
domain.
BEA/amh
Added, to the Application Standards domain, a
link to the following BSCoE Best Practices located
out on the OA Enterprise Portal:
Business Requirements Gathering
Change and Configuration Management
Source Code Control
Documentation
Coding
Messaging
Quality Assurance
Application Security
BEA/amh
10-11-2007 1.6 Reworded reference to EDI in Preface BEA/amh
Added link description to BSCoE Development
Practices sections
BEA/amh
Replaced references to „Policy‟ with „Standard‟ per BEA/amh
L&I Enterprise Standards
3
Gary Collins request.
08-19-2008 1.7 Added Requirements Definition Lifecycle BEA/hna
Added Security – Incident Response BEA/cas
Added Security – Security testing and assessment BEA/cas
04-2009 1.8 Updated version of IBM Tivoli Monitoring Suite BEA/cas
05-2009 1.9 Updated versions SQL Server and Visual Studio to
2008
BEA/cas
Changed all references of Mercury to HP
Removed references to OAs ITB I 6.2.1 – it was
rescinded by OA.
06-2009 2.0 Updated Platform – PC Enterprise Standards BEA/cas
Added Microsoft Team Foundation Server to
Software Configuration Management
Added Oracle UPK Pro 6.2 to Development Tools -
Help (previously OnDemand)
Added new section Management Tools – Job
Scheduler
7-2009 2.1 Added Microsoft Outlook 2007 to PC Enterprise
Software under Emerging
BEA/cas
10-2009 Updated Intel Server Operating System standards BEA/cas
Updated UNIX Server Operating System standards
Updated Virtual Server Technology standards
Updated Security/Operating Systems Operational
Standards
06-2010 3.0 Rewritten to consolidate L&I and OA standards
data to be referenced from this document as one
source.
Rational – Updates for version upgrades
Windows 7 – added to „PC Operating System‟ and
„PC Enterprise Software‟ as „Emerging/Research‟
Office 2007 – added as „Current‟
Project 2007 – Added as „Current‟
Visio 2007 – Added as „Current‟
MS OneNote 2007 – Added as „Current‟
System Center Configuration Manager 2007 –
Added as „Emerging/Research‟
MS Virtual PC 2007 - Updates for version
upgrades
BEA/cas,
wch
07-2010 3.1 Removed standards related to the Development
Practices/BSCoE Standards.
Full review cycle completed. All sections have
been reviewed and updated or validated by the
appropriate program area.
BEA/hna,
wch
L&I Enterprise Standards
4
Preface
The Department of Labor and Industry Enterprise Standards document was
developed to record and demonstrate the Department of Labor and Industry, Office of Information Technology‟s compliance with the over-all Enterprise
Architecture Policies and Domain Standards. Those policy and standards originated from the Office of Administration, which has the executive
oversight of the IT efforts of all state agencies within the Commonwealth of Pennsylvania. The standards listed in this document correlate very closely to
specific Information Technology Bulletins (ITBs) listed within OA Domains.
OA standards and L&I standards, however, are not a carbon copy of one another. In most cases, there are no discrepancies between the two;
however, there are several instances where L&I has obtained exceptions
from OA recommendations. These exceptions are duly noted. In addition, L&I does not currently employ all of the OA approved software listed in this
document, but it does accept these recommendations and will adopt those standards should there be a need for like software in the future. At present,
the only Labor & Industry exceptions to OA standards are those that have been acknowledged and sanctioned.
Should any areas exist that this Enterprise Standards document does not
address, DLI defers to the Commonwealth of PA OA Standards which can be located in the Appendix.
All standards identified in this document are subject to periodic review and
possible revision by the L&I OIT Enterprise Standards Steering Committee (ESSC).
With respect to the transmission of external files to the Commonwealth MAN, the only permitted mode is FTP. With the exception of a few instances
remaining in legacy applications, EDI is no longer an acceptable Commonwealth solution and Web Services (outside the Commonwealth) is not yet supported.
This standard only targets the specific issue of how external files are sent to the Commonwealth and is not intended to address how external files may be
retrieved by the Commonwealth (FTP, link to URL, etc.)
All references to standard software will fall into the following categories:
L&I Enterprise Standards
5
Current Technologies that are supported by the current standards and
meet the requirements of the architecture. They are recommended for use.
Contain These technologies are being phased out over the next three to
five years.
Retire Plans should be developed to phase out and replace these
technologies. A date for discontinuance has been set.
Emerging /
Research
Technologies that have the potential to become current. At the
present time, they should be used only in pilot or test environments where they can be evaluated. They will require a
waiver request to be used in a limited production mode.
L&I Enterprise Standards
6
Table of Contents
APPLICATION STANDARDS .......................................................................................... 10
ABSTRACT ................................................................................................................................. 10
STANDARDS .............................................................................................................................. 10
GENERAL ................................................................................................................................... 11
REFRESH SCHEDULE ................................................................................................................ 11
EXEMPTION FROM THESE STANDARDS .................................................................................... 11
QUESTIONS ............................................................................................................................... 11
DEVELOPMENT LANGUAGES ..................................................................................................... 12
DEVELOPMENT PRACTICES ...................................................................................................... 14
DEVELOPMENT TOOLS – APPLICATION DEVELOPMENT ......................................................... 16
DEVELOPMENT TOOLS – LOAD AND PERFORMANCE TESTING .............................................. 18
DEVELOPMENT TOOLS – TESTING AND DEBUGGING ............................................................ 20
DEVELOPMENT TOOLS – WEB DEVELOPMENT FRAMEWORKS ............................................... 22
DEVELOPMENT TOOLS – REQUIREMENTS, DATA AND OBJECT MODELING ......................... 24
DEVELOPMENT TOOLS – MESSAGING .................................................................................... 26
DEVELOPMENT TOOLS – REPORT DEVELOPMENT .................................................................. 28
DEVELOPMENT TOOLS – REPORT DISTRIBUTION .................................................................. 29
DEVELOPMENT TOOLS – HELP ................................................................................................ 30
DEVELOPMENT TOOLS – RULES ENGINES ............................................................................. 31
DEVELOPMENT TOOLS – SOA REGISTRY AND REPOSITORY ................................................ 32
WEB INFORMATION SERVERS ................................................................................................. 33
WEB APPLICATION SERVERS................................................................................................... 35
PORTAL...................................................................................................................................... 37
MANAGEMENT TOOLS – REQUIREMENTS DEFINITION LIFECYCLE ........................................ 38
MANAGEMENT TOOLS – REQUIREMENTS MANAGEMENT ....................................................... 39
MANAGEMENT TOOLS – SOFTWARE CONFIGURATION MANAGEMENT ................................. 41
MANAGEMENT TOOLS – SOFTWARE CHANGE MANAGEMENT ............................................... 43
MANAGEMENT TOOLS – JOB SCHEDULER .............................................................................. 45
INFORMATION AND INTEGRATION STANDARDS ........................................... 46
ABSTRACT ................................................................................................................................. 46
STANDARDS .............................................................................................................................. 46
GENERAL ................................................................................................................................... 46
REFRESH SCHEDULE ................................................................................................................ 46
EXEMPTION FROM THESE STANDARDS .................................................................................... 46
QUESTIONS ............................................................................................................................... 47
RELATIONAL DBMS ................................................................................................................. 48
DATA & DATABASE MODELING TOOLS .................................................................................. 50
DATABASE ADMINISTRATION TOOLS...................................................................................... 52
MESSAGE ORIENTED MIDDLEWARE ........................................................................................ 54
L&I Enterprise Standards
7
FTP CLIENTS ............................................................................................................................ 55
ELECTRONIC DOCUMENT MANAGEMENT ................................................................................. 56
NETWORK STANDARDS .................................................................................................. 57
ABSTRACT ................................................................................................................................. 57
STANDARDS .............................................................................................................................. 57
GENERAL ................................................................................................................................... 57
REFRESH SCHEDULE ................................................................................................................ 57
EXEMPTION FROM THESE STANDARDS .................................................................................... 57
QUESTIONS ............................................................................................................................... 57
LOCAL AREA NETWORK (LAN) PHYSICAL INFRASTRUCTURE (LAYER 1)............................ 58
WIDE AREA NETWORK (WAN) PHYSICAL INFRASTRUCTURE (LAYER 1) ........................... 59
LOCAL AREA NETWORK (LAN) LAYER 2 PROTOCOLS .......................................................... 60
WIDE AREA NETWORK (WAN) LAYER 2 PROTOCOLS ......................................................... 61
LOCAL AREA NETWORK (LAN) LAYER 3 & 4 PROTOCOLS .................................................. 62
ROUTING ................................................................................................................................... 63
SWITCHING ............................................................................................................................... 64
CONCENTRATOR/HUB .............................................................................................................. 65
BRIDGING ................................................................................................................................. 66
ADAPTER CARDS ...................................................................................................................... 67
MODEMS ................................................................................................................................... 68
REMOTE ACCESS METHODS AND TECHNOLOGY .................................................................... 69
NETWORK DIAGRAM TECHNOLOGIES ..................................................................................... 71
INSTANT MESSAGING .............................................................................................................. 72
NETWORK MANAGEMENT TOOLS ............................................................................................ 73
PLATFORM STANDARDS ................................................................................................. 75
ABSTRACT ................................................................................................................................. 75
STANDARDS .............................................................................................................................. 75
GENERAL ................................................................................................................................... 75
REFRESH SCHEDULE ................................................................................................................ 75
EXEMPTION FROM THESE STANDARDS .................................................................................... 75
QUESTIONS ............................................................................................................................... 75
PC HARDWARE ......................................................................................................................... 76
PC OPERATING SYSTEM .......................................................................................................... 78
PC ENTERPRISE SOFTWARE .................................................................................................... 79
INTEL SERVER HARDWARE ...................................................................................................... 81
INTEL SERVER OPERATING SYSTEM ....................................................................................... 83
UNIX SERVER HARDWARE ..................................................................................................... 85
UNIX SERVER OPERATING SYSTEM....................................................................................... 86
SERVER ENTERPRISE SOFTWARE ............................................................................................ 87
VIRTUAL SERVER TECHNOLOGY .............................................................................................. 89
STORAGE AREA NETWORK ...................................................................................................... 91
STORAGE AREA NETWORK FABRIC SWITCHES ...................................................................... 92
L&I Enterprise Standards
8
NETWORK PRINTING ................................................................................................................ 93
BACKUP/RECOVERY STORAGE - TAPE .................................................................................... 94
PROJECT MANAGEMENT STANDARDS .................................................................... 95
ABSTRACT ................................................................................................................................. 95
STANDARDS .............................................................................................................................. 95
GENERAL ................................................................................................................................... 95
REFRESH SCHEDULE ................................................................................................................ 96
EXEMPTION FROM THESE STANDARDS .................................................................................... 96
QUESTIONS ............................................................................................................................... 96
MS PROJECT, MS PROJECT VIEWER, CLARITY ..................................................................... 97
SECURITY STANDARDS ................................................................................................... 98
ABSTRACT ................................................................................................................................. 98
GUIDING POINTS ..................................................................................................................... 98
STANDARDS .............................................................................................................................. 99
REFRESH SCHEDULE .............................................................................................................. 105
EXEMPTION FROM THESE STANDARDS .................................................................................. 106
QUESTIONS ............................................................................................................................. 106
OPERATING SYSTEMS ............................................................................................................ 107
APPLICATIONS ........................................................................................................................ 108
DATABASE ............................................................................................................................... 110
INCIDENT RESPONSE ............................................................................................................. 110
SECURITY TESTING AND ASSESSMENT ................................................................................. 112
NETWORK SECURITY STANDARDS ........................................................................ 113
ABSTRACT ............................................................................................................................... 113
STANDARDS ............................................................................................................................ 113
GENERAL ................................................................................................................................. 113
REFRESH SCHEDULE .............................................................................................................. 113
EXEMPTION FROM THESE STANDARDS .................................................................................. 113
QUESTIONS ............................................................................................................................. 114
ARCHITECTURE ....................................................................................................................... 115
PORT SECURITY ...................................................................................................................... 116
SECURITY ................................................................................................................................ 117
FIREWALL ACCESS CONTROL ................................................................................................ 117
TRANSPORT CONTROL ........................................................................................................... 118
INTRUSION DETECTION ......................................................................................................... 120
SYSTEMS MANAGEMENT .............................................................................................. 121
ABSTRACT ............................................................................................................................... 121
STANDARDS ............................................................................................................................ 121
GENERAL ................................................................................................................................. 121
REFRESH SCHEDULE .............................................................................................................. 124
L&I Enterprise Standards
9
EXEMPTION FROM THESE STANDARDS .................................................................................. 124
QUESTIONS ............................................................................................................................. 124
IT SERVICEMANAGEMENT (ITSM) PRODUCT AND PLATFORM STANDARDS..................... 125
APPENDIX ............................................................................................................................. 127
L&I Enterprise Standards
10
Application Standards
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Abstract
This document establishes enterprise-wide standards and guidance for Application Development at Labor and Industry (L&I), using a structured
approach to applying technology to solve business problems through the effective utilization of standard development technologies and practices to
deliver reusable business services. This is achieved by the establishment of a library made of common standards, best practices, and a code repository.
The repository is populated with existing “best-in-class” service components developed both internally and externally. In addition, on an ongoing basis,
newly developed components from current and future projects will be stored in the repository.
For additional information, please refer to the Appendix.
Standards
New application development projects will be required to use the current standards and best practices defined by L&I-OIT Enterprise Standards.
Major revisions to existing applications that are not using the current
standards will be reviewed as part of the IT Procurement Review Process to determine if the investment warrants a change in standards at that time.
For applications using languages, tools and frameworks classified as “Retire,” a date for migration off this technology has been established.
IT projects related to application development will be subject to review prior
to inception for compliance with this standard through a review by Communities of Practice and/or the Procurement Review Processes.
The main objectives of these standards are to:
Provide an uniform approach to application development
Provide a common method of setting and achieving enterprise priorities
L&I Enterprise Standards
11
Reduce costs for application development
Decrease time to production for applications Enhance and promote standardization
Enhance information sharing Increase coordinated IT security
Reduce redundancy Improve utilization of IT resources
Provide a developed set of core technologies Provide a standard approach to application development training
and utilization of resources
For additional information, please refer to the Appendix.
General
This Information applies to all Application Development within Labor and
Industry.
Refresh Schedule
All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I–OIT Standards
Committee.
Exemption from these standards
In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an „Enterprise Standards
Waiver Request‟ form must be submitted via e-mail to: L&I Software Review Committee.
For additional information, please refer to the Appendix.
Questions
Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division,
Bureau of Enterprise Architecture, at [email protected].
L&I Enterprise Standards
12
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-21-2010
Domain: Application
Discipline: Application Development
Technology: Development Languages
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
C# Windows/.Net
Visual Basic .Net Windows/.Net
ASP .Net Windows/.Net
Java All L&I Standard, not OA
J2SE All
Java SE All
J2EE All
Java EE All
CONTAIN
Technology Platforms Comments
J2SE 1.3.1 and prior All
J2EE 1.3 and prior All
PHP (all versions) All
COBOL1 (all variants and versions)
All
Python (all versions) All
Microsoft J# (all versions)
All
PowerBuilder All
Perl All OA Standard, not L&I
C++ All OA Standard, not L&I
C All OA Standard, not L&I
Fortran (all variants) All OA Standard, not L&I
Entire X All OA Standard, not L&I
Natural All OA Standard, not L&I
Spectrum All OA Standard, not L&I
1 Any new development using COBOL must be approved by L&I before development begins.
L&I Enterprise Standards
13
PL/I All OA Standard, not L&I
Unisys MAPPER All OA Standard, not L&I
Unisys COBOL All OA Standard, not L&I
Oracle Forms All OA Standard, not L&I
RETIRE
Technology Platforms Comments
Visual Basic 6.0 and
earlier
Windows Retire by 12/31/2011
Assembler All Retire by 12/31/2011
PERCobol (all
versions)
All
Microsoft Fox Pro Windows OA Standard, not L&I
Retire by 12/31/2008
Unisys Business information Server
(formally MAPPER) (all versions)
All OA Standard, not L&I Retire by 12/31/2010
Oracle Forms 6i and
Earlier
All OA Standard, not L&I
Retire by 12/31/2008
EMERGING / RESEARCH
Technology Platforms Comments
For the most current OA-OIT Application Domain Standards for Development Languages please refer to the Appendix.
L&I Enterprise Standards
14
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Practices
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Microsoft Solutions
Framework
Windows
IBM/Rational Unified
Process
Windows
CONTAIN
Technology Platforms Comments
BSCoE Software Engineering Process
(SEP)
Windows / AIX
RETIRE
Technology Platforms Comments
Oracle CASE*Method All OA Standard, not L&I
L&I Enterprise Standards
15
EMERGING / RESEARCH
Technology Platforms Comments
Eclipse Process
Framework
Windows
OpenUP (Open Unified Processes
Windows
The most current OA-OIT Application Domain Standards for Development Practices are available at Appendix.
L&I Enterprise Standards
16
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Application Development
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Microsoft Visual Studio .NET 2010
Windows
Microsoft Visual Studio
.NET 2008
Windows
IBM Rational Application
Developer for WebSphere Software
Version 7.0
Windows
Eclipse Windows
Microsoft Team
Foundation Server (all editions)
Windows Current
CONTAIN
Technology Platforms Comments
Advantage:Gen All L&I Standard, not OA
PowerBuilder (all
versions)
All
Microsoft Visual
Studio (Prior to 2008)
Windows
Sun Java Studio All
Eclipse 3.0 and prior All
IBM Rational
Application Developer for
All
L&I Enterprise Standards
17
WebSphere Software
(Prior to version 6.0)
Borland Delphi All OA Standard, not L&I
Borland Jbuilder All OA Standard, not L&I
Borland C++ OA Standard, not L&I
Borland Enterprise
Studio for Java)
All OA Standard, not L&I
BEA Systems WebLogic Workshop
All OA Standard, not L&I
Oracle Forms Developer
All OA Standard, not L&I
Oracle JDeveloper All OA Standard, not L&I
Sun Forte for Java All OA Standard, not L&I
Compaq Visual Fortran
All OA Standard, not L&I
Micro Focus Net Express
All OA Standard, not L&I
IBM VisualAge
COBOL
All OA Standard, not L&I
IBM VisualAge Java All OA Standard, not L&I
Absoft Fortran All OA Standard, not L&I
RETIRE
Technology Platforms Comments
Microsoft Visual
Studio 6.0 & Earlier
All Retire by 12/31/2008
Microsoft Visual
Interdev (All Versions)
All Retire by 12/31/2008
Microsoft Fox Pro All Retire by 6/30/2008
EMERGING / RESEARCH
Technology Platforms Comments
The most current OA-OIT Application Domain Standards for Development
Tools – Application Development are available at Appendix.
L&I Enterprise Standards
18
Issued by:
L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 06-21-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Load and Performance Testing
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
HP LoadRunner 9.52 Windows
CONTAIN
Technology Platforms Comments
IBM/Rational Performance Tester
Windows OA Standard
IBM/Rational Robot Windows OA Standard
IBM/Rational Test Manager
Windows OA Standard
HP WinRunner All OA Standard, not L&I
RETIRE
Technology Platforms Comments
CompuWare QARun All OA Standard, not L&I
Retire by 6/30/2006
L&I Enterprise Standards
19
EMERGING / RESEARCH
Technology Platforms Comments
SOASTA Cloud In POC
The most current OA-OIT Application Domain Standards for Development Tools – Load & Performance Testing are available at Appendix.
L&I Enterprise Standards
20
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 06-21-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Testing and Debugging
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
HP Quality center
10.0
Windows
HP Quick Test Pro
10.0
Windows L&I Standard, not OA
CONTAIN
Technology Platforms Comments
SmartTest All L&I Standard, not OA
IBM / Rational
Functional Tester
Windows
IBM / Rational Test Manager
Windows
IBM / Rational Purify Plus
Windows
Mercury WinRunner
(all versions)
All
RETIRE
Technology Platforms Comments
OPENSta All L&I Standard, not OA Retire by 12/31/2005
L&I Enterprise Standards
21
EMERGING / RESEARCH
Technology Platforms Comments
The most current OA-OIT Application Domain Standards for Development Tools –
Testing and Debugging are available at Appendix.
L&I Enterprise Standards
22
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Web Development Frameworks
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Microsoft .NET 3.5
SP1
Windows
Microsoft .NET 3.0 Windows
J2EE 1.4 All
CONTAIN
Technology Platforms Comments
J2EE 1.3 and Prior All
Microsoft .NET 2.0 Windows
BSCoE.NET
Framework
Windows
BSCoE.4J Framework All
RETIRE
Technology Platforms Comments
Microsoft .NET 1.1 Windows
Microsoft .Net 1.0 Windows
Microsoft ASP Windows
L&I Enterprise Standards
23
EMERGING / RESEARCH
Technology Platforms Comments
J2EE 1.5 All
Microsoft.NET 4.0 Windows
The most current OA-OIT Application Domain Standards for Development Tools –
Web Development Frameworks are available at Appendix.
L&I Enterprise Standards
24
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Requirements, Data and Object Modeling
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Computer Associates
ERWin
Windows
Microsoft Visio 2007 Windows
CONTAIN
Technology Platforms Comments
Embarcadero ER/Studio
Windows L&I Standard, not OA
Sybase
PowerDesigner
All
Microsoft Visio (all
versions previous to 2003)
IBM / Rational
Modeler/Software Architect
Windows
IBM/Rational Rose/XDE
Windows
Sparx Systems
Enterprise Architect
Windows
Sparx Systems MDG
Integration for Visual Studio 2005
Windows
Borland Together All OA Standard, not L&I
MagicDraw UML All OA Standard, not L&I
Computer Associates
Groundworks
All OA Standard, not L&I
L&I Enterprise Standards
25
RETIRE
Technology Platforms Comments
IBM Rational Rose
XDE Modeler
Windows Retire by 12/31/07
IBM Rational Rose XDE Developer for
Java
Windows Retire by 12/31/07
IBM Rational Rose
Developer XDE for Visual Studio
Windows Retire by 12/31/07
Oracle Designer All OA Standard, not L&I
Retire by 12/31/2005
EMERGING / RESEARCH
Technology Platforms Comments
Microsoft Visio 2010 Windows
The most current OA-OIT Application Domain Standards for Development Tools –
Requirements, Data and Object Modeling are available at Appendix.
L&I Enterprise Standards
26
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-14-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Messaging
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
MPKI for SSL
HTTP & HTTPS
SMTP
XML
Namespaces in XML
XML Information Set
SOAP
WS-Addressing
MTOM
WS-Eventing
WS-ReliableMessaging
Web Services Security SOAP Message Security
Web Services Security
UsernameToken Profile
Web Services Security
X.509 Certificate Token Profile
WS-SecurityPolicy
WS-Trust
WS-SecureConversation
WS-Federation
WS-Federation Active Requestor Profile
WS-Federation Passive
Requestor Profile
Web Services Security
Kerberos Binding
WS-Coordination
WSDL
L&I Enterprise Standards
27
Technology Platforms Comments
UDDI
WS-Policy
WS-PolicyAssertions
WS-PolicyAttachment
WS-Discovery
WS-MetadataExchange
WS-BusinessActivity
WS-AtomicTransaction
CONTAIN
Technology Platforms Comments
CORBA All
Microsoft COM/COM+ All
Microsoft ActiveX All
Microsoft DCOM All
RETIRE
Technology Platforms Comments
Oracle CASE*Method All OA Standard, not L&I
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
28
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Report Development
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Business Objects Enterprise/Crystal
Reports
Windows, AIX L&I Standard, not OA
SAS Windows L&I Standard, not OA
Microsoft SQL Server
Reporting Services
Windows
CONTAIN
Technology Platforms Comments
Oracle Reports All L&I Standard, not OA
RETIRE
Technology Platforms Comments
CA - Easytrieve Z / OS L&I Standard, not OA
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
29
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Report Distribution
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Cypress Report
Distribution Manager
Windows L&I Standard, not OA
Business Objects
Enterprise
Windows, AIX L&I Standard, not OA
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
30
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Help
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Adobe RoboHelp Windows L&I Standard, not OA
Oracle UPK Pro 6.2
(previously Ondemand)
Windows L&I Standard, not OA
CONTAIN
Technology Platforms Comments
ComponentOne Doc To
Help
Windows L&I Standard, not OA
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
31
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – Rules Engines
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Corticon
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
32
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development
Technology: Development Tools – SOA Registry and Repository
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
CentraSite ActiveSOA
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
33
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-14-2010
Domain: Application
Discipline: Application Development
Technology: Web Information Servers
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Microsoft Internet Information Server
(IIS) 7.0
Windows
IBM HTTP Server Windows/AIX/Solaris
Apache Web Server Windows/AIX/Solaris
CONTAIN
Technology Platforms Comments
Oracle HTTP Server
10g
All
Microsoft Internet Information Server 5.x
All
Microsoft Internet Information Server
(IIS) 6.0
RETIRE
Technology Platforms Comments
L&I Enterprise Standards
34
EMERGING / RESEARCH
Technology Platforms Comments
Microsoft Internet
Information Server (IIS) 7.5
L&I Enterprise Standards
35
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-14-2010
Domain: Application
Discipline: Application Development
Technology: Web Application Servers
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Microsoft Internet Information Server
(IIS) 7.0
Windows
Oracle WebLogic Application Server
Windows/AIX/Solaris
IBM WebSphere Application Server
All
JBoss Application
Server
All
Apache Tomcat All
SAP NetWeaver
Application Server1
All
CONTAIN
Technology Platforms Comments
Sun Microsystems Java System Application
Server
All
Oracle Application Server 10g
All
Microsoft Internet Information Server 5.s
All
Microsoft Internet
Information Server (IIS) 6.0
L&I Enterprise Standards
36
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
Microsoft Internet
Information Server (IIS) 7.5
L&I Enterprise Standards
37
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: User Interaction
Technology: Portal
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Oracle WebCenter1 All
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
DSF Version 2.2.03p3 Windows 12/2009
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
38
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development Management
Technology: Management Tools – Requirements Definition Lifecycle
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Requirements Center (Blueprint)
Windows L&I Standard, not OA
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
39
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development Management
Technology: Management Tools – Requirements Management
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
HP Quality Center Windows
Microsoft Team Foundation Server 2008
Windows
CONTAIN
Technology Platforms Comments
IBM/Rational Unified
Process
Windows L&I Standard, not OA
IBM / Rational
RequisitePro
Windows
Borland Caliber-RM All OA Standard, not L&I
Telelogic DOORS All OA Standard, not L&I
RETIRE
Technology Platforms Comments
L&I Enterprise Standards
40
EMERGING / RESEARCH
Technology Platforms Comments
The most current OA-OIT Application Domain Standards for Management
Tools – Requirements Management are available at Appendix.
L&I Enterprise Standards
41
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development Management
Technology: Management Tools – Software Configuration Management
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Microsoft Team
Foundation Server 2008 (TFS 2008)
Windows
CONTAIN
Technology Platforms Comments
Microsoft Visual SourceSafe
Windows
IBM / Rational ClearCase
Windows, AIX, Solaris
IBM Rational Clearcase
LT
All
IBM Rational ClearCase
Multisite
All
RETIRE
Technology Platforms Comments
PVCS All L&I Standard, not OA Retire by 12/31/2007
L&I Enterprise Standards
42
EMERGING / RESEARCH
Technology Platforms Comments
The most current OA-OIT Application Domain Standards for Management Tools – Software
Configuration Management are available at Appendix.
L&I Enterprise Standards
43
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Application
Discipline: Application Development Management
Technology: Management Tools – Software Change Management
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Endevor Z / OS L&I Standard, not OA
HP Quality Center Windows
CONTAIN
Technology Platforms Comments
IBM / Rational
ClearQuest
Windows, AIX, Solaris
IBM Rational
ClearQuest Multisite
All
RETIRE
Technology Platforms Comments
L&I Enterprise Standards
44
EMERGING / RESEARCH
Technology Platforms Comments
The most current OA-OIT Application Domain Standards for Management Tools – Software Change Management are available at Appendix.
L&I Enterprise Standards
45
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-16-2010
Domain: Application
Discipline: Application Development
Technology: Management Tools – Job Scheduler
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Dollar Universe Windows, AIX L&I Standard, not OA
Tivoli Workload Scheduler (TWS)
IBM Mainframe
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING/RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
46
Information and Integration Standards
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Information and Integration
Discipline:
Abstract
The purpose of our committee is to gather information about the current database systems and database management tools used at L&I. From that
information, we are to recommend standards for future database development that will be used by all bureaus within the department.
Standards
General
Refresh Schedule
All standards identified in this document will be subject to review and
possible revision annually or upon request by the L&I –OIT Standards Committee.
Exemption from these standards
In the event of a need for an exemption, for reasons such as the need to comply
with requirements for a Federally mandated system, an „Enterprise Standards Waiver Request‟ form must be submitted via e-mail to: L&I Software Review
Committee.
For additional information, please refer to the Appendix.
L&I Enterprise Standards
47
Questions
Questions regarding this general standards statement should be directed to
Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].
L&I Enterprise Standards
48
Issued by: L&I OIT Enterprise Standards Steering Committee Date Issued: Date Revised: 07-08-2010 Domain: Information and Integration
Discipline Data Management
Technology Relational DBMS
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
MS SQL Server
2008
Windows
IBM DB2/400 v5.3 AS/400
Oracle 11g R2 Windows, AIX
CONTAIN
Technology Platforms Comments
IBM DB2/400 AS/400
IBM DB2 UDB v7.2, v8.1, v8.2
Mainframe, Windows, AIX
IBM DB2 v7.2 Mainframe, Windows,
AIX
Sybase Adaptive
Server Enterprise 15
AIX
MS SQL Server 2005
Management Studio v9.00.1399
Windows
IBM DB2 UDB v9 AIX
Oracle 10g, 11g R1 Windows, AIX
RETIRE
Technology Platforms Comments
MS Sql Server 2000 Windows
Sybase Adaptive
Server Enterprise 12.5.0.3
AIX
L&I Enterprise Standards
49
Technology Platforms Comments
Oracle 9i and earlier Windows, AIX
EMERGING / RESEARCH
Technology Platforms Comments
SQL Server 2008
R2(SQL Server 2010)
Windows
L&I Enterprise Standards
50
Issued by: L&I OIT Enterprise Standards Steering Committee Date Issued: Date Revised: 07-08-2010 Domain: Information and Integration
Discipline Data Management
Technology Data & Database Modeling Tools
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Embarcadero
ER/Studio 8.0.1
AIX
Erwin Data Modeler v4.1.2208, v
4.1.4.4224
Windows
Visio Enterprise Architect
OA Standard
CONTAIN
Technology Platforms Comments
Select SE Data
Modeler
Desktop, Windows
2000
Erwin Data Modeler R7.1.0.1075
Windows
Rational Rose Data Modeler
Oracle Designer Oracle
RETIRE
Technology Platforms Comments
L&I Enterprise Standards
51
EMERGING / RESEARCH
Technology Platforms Comments
Embarcadero ER/Studio
8.1.3
Desktop, Windows
2000
L&I Enterprise Standards
52
Issued by: L&I OIT Enterprise Standards Steering Committee Date Issued: Date Revised: 07-08-2010 Domain: Information and Integration
Discipline Data Management
Technology Database Administration Tools
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Embarcadero Technologies DBArtisan
v8
Quest Software Toad
XPERT with DBA Module
V9.0
Windows
Hummingbird Exceed AIX
CONTAIN
Technology Platforms Comments
Embarcadero
Technologies DBArtisan 8.0.1
Desktop, Windows
2000
Embarcadero
Technologies DBArtisan v8.1.2
Windows
Rational Rose
RETIRE
Technology Platforms Comments
L&I Enterprise Standards
53
EMERGING / RESEARCH
Technology Platforms Comments
Quest Software Toad
Suite w/DBA Module
Windows
L&I Enterprise Standards
54
Issued by: L&I OIT Enterprise Standards Steering Committee Date Issued: Date Revised: 07-16-2010 Domain: Information and Integration
Discipline Messaging
Technology Message Oriented Middleware
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
webMethods All
CONTAIN
Technology Platforms Comments
IBM WebSphere MQ v6.0
All
RETIRE
Technology Platforms Comments
IBM MQ Series v5.3 and prior
All
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
55
Issued by: L&I OIT Enterprise Standards Steering Committee Date Issued: 09-12-2007 Date Revised: 07-08-2010 Domain: Information and Integration
Discipline File Transfer Protocol
Technology FTP Clients
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
WS_FTP Pro Windows
Tumbleweed Windows, AIX,
Linux, Solaris
MOVEit Windows
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
56
Issued by: L&I OIT Enterprise Standards Steering Committee Date Issued: 05-11-2010 Date Revised: 07-16-2010 Domain: Information and Integration
Discipline Electronic Documents
Technology Electronic Document Management
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
FileNet P8 All
CONTAIN
Technology Platforms Comments
OnBase
IBM Content Manager
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
57
Network Standards
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network Infrastructure
Discipline:
Abstract
Network Infrastructure provides the transport path between applications and users
Standards
General
Refresh Schedule
All standards identified in this document will be subject to review and possible
revision annually or upon request by the L&I –OIT Standards Committee.
Exemption from these standards
In the event of a need for an exemption, for reasons such as the need to comply
with requirements for a Federally mandated system, an „Enterprise Standards Waiver Request‟ form must be submitted via e-mail to: L&I Software Review
Committee.
For additional information, see the Appendix..
Questions
Questions regarding this general standards statement should be directed to
Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].
L&I Enterprise Standards
58
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Physical Network
Technology Local Area Network (LAN) Physical Infrastructure (Layer 1)
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Category 6 UTP, RJ-45
Multimode, Single
Mode
Fiber, ST, SC, LC
CONTAIN
Technology Platforms Comments
Category 5e UTP, RJ-45
RETIRE
Technology Platforms Comments
Type 1 STP, RJ-45
EMERGING / RESEARCH
Technology Platforms Comments
RF, wireless Access points to edge network devices
L&I Enterprise Standards
59
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Physical Network
Technology Wide Area Network (WAN) Physical Infrastructure (Layer 1)
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Category 5e UTP, RJ-48
Multimode Fiber, SC, LC
Coaxial RG-59U, BNC
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
60
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Protocols
Technology Local Area Network (LAN) Layer 2 Protocols
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
FastEthernet, Gigabit Ethernet
Core, distribution and access layers
CONTAIN
Technology Platforms Comments
ATM Core, distribution and access layers
LANE Cisco, IBM
SNA Cisco, IBM, CNT
RETIRE
Technology Platforms Comments
Token Ring Access layer
EMERGING / RESEARCH
Technology Platforms Comments
Wireless – 802.11i(WPA2)
Access points to edge devices
L&I Enterprise Standards
61
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Protocols
Technology Wide Area Network (WAN) Layer 2 Protocols
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Frame Relay, ATM Cisco, Provider
SONET Provider
DSL, Cable Provider Broadband
Site to Site VPN Checkpoint, Cisco
CONTAIN
Technology Platforms Comments
LLC2 Cisco
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
Metro-Ethernet Variable
L&I Enterprise Standards
62
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Protocols
Technology Local Area Network (LAN) Layer 3 & 4 Protocols
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
TCP/IPv4 Core, distribution and
access layers
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
TCP/IPv6 Core, distribution and access layers
L&I Enterprise Standards
63
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Services
Technology Routing
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Vendor Cisco
Routing Protocols EIGRP, OSPF, MPLS,
RIPv2
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
Vendor IBM
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
64
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Services
Technology Switching
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Vendor Cisco
Switching Standards ARPA, 802.1D,
802.1Q, ISL, 802.1X, 802.3ad, MPLS
CONTAIN
Technology Platforms Comments
Vendor IBM
Standards ATM, UNI, NNI
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
Switchport Security 802.1X
L&I Enterprise Standards
65
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Services
Technology Concentrator/Hub
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
Token Ring IBM MAU
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
66
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Services
Technology Bridging
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
DLSw (SNA to IP) Cisco
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
67
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Services
Technology Adapter Cards
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Ethernet 100/1000 Mbps
CONTAIN
Technology Platforms Comments
Ethernet 10 Mbps
ATM 25/155 Mbps
RETIRE
Technology Platforms Comments
Token Ring 16/4 Mbps
EMERGING / RESEARCH
Technology Platforms Comments
Carrier Wireless LAN Cisco
L&I Enterprise Standards
68
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Management
Technology Modems
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
All V.34, V.42, V.90
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
69
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Services
Technology Remote Access Methods and Technology
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Dial-Up RADIUS Secure ID OA Policy
VPN Juniper SSL VPN Appliance
OA Policy
FireWall Juniper Firewalls OA Policy
CONTAIN
Technology Platforms Comments
VPN Cisco, CheckPoint OA Policy
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
70
Text from the Verizon Transition Review of OA ITB‟s
Verizon Review of the COPA Security ITB’s
Recommendations for changes/enhancements resulting from our solution: STD NET006A – Needs to be updated to include the Juniper SSL VPN
Appliance as well as the Juniper Firewalls.
ITB NET006 - The section on split tunneling should be reviewed to ensure that it is in keeping with current requirements and the endpoint defense
capabilities provided in the new solution. The section on two factor authentication should be reviewed and updated as necessary to fit the
current plan for authentication.
STD-SEC011A should be updated to include the Juniper Firewalls as meeting
the COPA requirements or provide a waiver for our use of the Juniper Firewalls
ITB-SEC003 will need to be re-written as it directs each agency to deploy
content filtering. This will no longer be needed as the filtering will be accomplished at the enterprise level.
STD SEC003A will need to be rewritten as it lists SurfControl as the content
filtering solution and Blue Coat as not recommended.
BPD-SEC003B will need to be revised as it requires content filtering at the agency level and lists SurfControl as the required product.
OPD-SEC003C should be reviewed by CoPA security as it lists only a few
categories COPA may want to add additional categories to the list.
L&I Enterprise Standards
71
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Management
Technology Network Diagram Technologies
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Network layers 1 Visio 2007, Autocad L&I Standards
Network layers 2, 3,
and 4
Visio 2007
CONTAIN
Technology Platforms Comments
Network layers 1 Visio 2003, Autocad L&I Standards
Network layers 2, 3, and 4
Visio 2003
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
72
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Services
Technology Instant Messaging
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Omnipod All OA Waiver needed
Note: In compliance
with OA ITB/directives, no other technology is
listed here
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
73
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Network
Discipline Network Management
Technology Network Management Tools
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
IBM Tivoli Network Management Suite: 1. Tivoli Netview v7.1.5
2. Tivoli Risk Mgr v4.2
AIX, Linux, Windows
Cisco LMS AIX, Linux, Windows
NetView, Syslog
Event Logging
AIX, Linux, Windows
Network General Protocol Analyzer
Windows, Linux
Solar Winds Network Monitoring
Windows
MRTG Bandwidth
Utilization
Windows, Linux
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
L&I Enterprise Standards
74
EMERGING / RESEARCH
Technology Platforms Comments
Network Security GFI LANGuard,
Nessus
Netlow All
L&I Enterprise Standards
75
Platform Standards
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline: Infrastructure
Abstract
Platforms provide the physical hardware to run applications in both a local
and distributed environment. The Platform Domain also encompasses enterprise software running on both desktops and servers.
Standards
General
Refresh Schedule
All standards identified in this document will be subject to review and
possible revision annually or upon request by the L&I–OIT Standards
Committee.
Exemption from these standards
In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an „Enterprise Standards
Waiver Request‟ form must be submitted via e-mail to: L&I Software Review Committee.
For additional information, see the Appendix.
Questions
Questions regarding this general standards statement should be directed to
Edward Bowlen, Chief, Standards Development and Compliance Division,
Bureau of Enterprise Architecture, at [email protected].
L&I Enterprise Standards
76
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology PC Hardware
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Desktop,
Standard Version
The Commonwealth of Pa
currently has purchasing contract number 5850-01 in place with
Dell. Please refer to http://www1.us.dell.com/content/
for current available PC configurations.
Desktop, High
End Version
Laptop,
Standard
Laptop, High End
CONTAIN
Technology Platforms Comments
Intel Pentium III Based Systems
Varies
RETIRE
Technology Platforms Comments
Intel Pentium II Based Systems
Varies
L&I Enterprise Standards
77
EMERGING / RESEARCH
Technology Platforms Comments
64 Bit CPUs Intel and AMD
L&I Enterprise Standards
78
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology PC Operating System
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Windows XP; SP 3 Desktops, Laptops
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
Windows 2000; SP 4 Desktops, Laptops
EMERGING / RESEARCH
Technology Platforms Comments
Windows 7 Desktops, Laptops
L&I Enterprise Standards
79
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology PC Enterprise Software
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
MS Office 2007; SP2 Desktops, Laptops
Microsoft Internet Explorer 7.0
Desktops, Laptops
MS OneNote 2007 Desktops, Laptops
IBM Personal Communications 5.0
Desktops, Laptops
IBM Iseries Access for Windows Workstation
5.3
Desktops, Laptops
SafeBoot V5.1.2.0
Desktops, Laptops DLI loading on laptops only for now, while
resolving licensing issues
MS Visio 2007 Desktops, Laptops
MS Project 2007 Desktops, Laptops
CONTAIN
Technology Platforms Comments
MS Visio 2003 Desktops, Laptops
MS Project 2003 Desktops, Laptops
MS Office 2002; SP3 Desktops, Laptops
RETIRE
Technology Platforms Comments
Windows 2000 Desktops, Laptops
MS Office 2000 Desktops, Laptops
Microsoft Internet
Explorer 6.0
Desktops, Laptops
L&I Enterprise Standards
80
EMERGING / RESEARCH
Technology Platforms Comments
Office 2010 Desktops, Laptops
Microsoft Internet
Explorer 8.0
Desktops, Laptops
Mozilla Firefox browser Desktops, Laptops DLI Waiver required for installation of this
software
L&I Enterprise Standards
81
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology Intel Server Hardware
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Small Server IBM x3650 M3 Intel Xeon 4 to 6 Core x64
Medium Server IBM x3850 x5, x3755 Intel Xeon 4 to 8 Core x64
Large Server IBM x3950 x5 Intel Xeon 4 to 8 Core
x64
CONTAIN
Technology Platforms Comments
Intel PIV Based Systems
x3650, x3850, x3950
Blade Server IBM BladeCenter H
RETIRE
Technology Platforms Comments
Intel PIV Based Systems
x345, x346, x365, x366, x445, x460
Intel Pentium III Based Systems
All
Intel Pentium II
Based Systems
Varies
Intel PIV Based
Systems
x440, x360
Dell Servers All
Intel Pentium I
Based Systems
All
L&I Enterprise Standards
82
EMERGING / RESEARCH
Technology Platforms Comments
Intel PIV Based Systems
Intel Xeon 8+ Core
64 Bit CPUs Intel, AMD
L&I Enterprise Standards
83
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology Intel Server Operating System
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Microsoft Windows 2008 Enterprise
Edition; SP2
Windows Servers 32 or 64 Bit
Microsoft Windows
2008 Standard
Edition; SP2
Windows Servers 32 or 64 Bit
Microsoft Windows
2008 Enterprise Edition R2
Windows Servers 64 Bit
Microsoft Windows
2008 Standard Edition R2
Windows Servers 64 Bit
CONTAIN
Technology Platforms Comments
Microsoft Windows
2003 Enterprise Edition; SP2
Windows Servers 32 or 64 Bit
Microsoft Windows 2003 Enterprise
Edition R2
Windows Server 32 or 64 Bit
L&I Enterprise Standards
84
RETIRE
Technology Platforms Comments
Windows NT 4.0 Windows Servers
Microsoft Windows
2000 Advanced
Server
Windows Servers
EMERGING / RESEARCH
Technology Platforms Comments
Microsoft Windows 8 Enterprise Edition
R2; SP2
Windows Servers 32 Bit or 64
L&I Enterprise Standards
85
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology UNIX Server Hardware
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Medium Server IBM P 7 Servers
Large Server IBM P780
CONTAIN
Technology Platforms Comments
Small Server 7026 Legacy Field Office servers
Small Server 7028-6E1 Legacy Field Office
servers
Small Server 7029 Legacy Field Office
servers
Medium Server IBM P520
Large Server IBM P570
RETIRE
Technology Platforms Comments
Small Server 7025-F50
EMERGING / RESEARCH
Technology Platforms Comments
Processor Power 8 servers
L&I Enterprise Standards
86
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology UNIX Server Operating System
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
AIX 6.1.4 AIX Servers
Red Hat Enterprise 5.4
Linux Servers
Red Hat Enterprise
5.4 Advanced
Linux Servers
CONTAIN
Technology Platforms Comments
AIX 5.3, 6.1.3 or below
AIX Servers
Red Hat Enterprise 4.x
Linux Servers
RETIRE
Technology Platforms Comments
AIX 5.2.x AIX Servers
Red Hat Enterprise 3.x
Linux Servers
EMERGING / RESEARCH
Technology Platforms Comments
AIX 7.x AIX Servers
Red Hat 6.x Linux Servers
L&I Enterprise Standards
87
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology Server Enterprise Software
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
IBM Tivoli Monitoring Suite:
1. ITM v6.2.1
2. ITM for Databases
v6.1/6.2
3. ITCAM for RTT v7.1
4. TDW v2.1
5. TEC v3.9
6. Tivoli Framework
v4.1.1
7. Alignsync
Alarmpoint v4.1
AIX and Windows Servers
IBM Tivoli Storage Manager 5.4
AIX and Windows Servers
IBM Director 6.x Windows Servers
SCCM 2007 SP2 Windows Servers
CONTAIN
Technology Platforms Comments
IBM Tivoli Monitoring Suite:
1. ITM v6.2
2. ITM for Databases
v6.1
3. ITCAM for RTT
v6.1
4. Alignsync
Alarmpoint v3.2
and v4.0
AIX and Windows Servers
ITM v5.1 AIX and Windows Servers
L&I Enterprise Standards
88
Technology Platforms Comments
ITM for Databases v5.1
AIX and Windows Servers
TMTP v5.1 AIX and Windows
Servers
TEDW v5.1.2 AIX and Windows
Servers
RETIRE
Technology Platforms Comments
IBM Director Windows Servers V5 and lower
SMS Windows Servers 2.0, 1.2
Microsoft Systems Management Server
2003
Windows Servers
EMERGING / RESEARCH
Technology Platforms Comments
System Center
Configuration Manager 2007 +
Windows Servers
ITM v6.2 AIX and Windows
Servers
L&I Enterprise Standards
89
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 06-4-2007
Date Revised: 07-16-2010
Domain: Platform
Discipline Infrastructure
Technology Virtual Server Technology
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
VMware ESX Server 4.x
Windows & Linux Servers
VMware ESXi 4 Windows & Linux Servers
VMware Virtual
Infrastructure Enterprise 4.x
Windows & Linux
Servers
VMware VCenter 4 Windows Servers
VMware Workstation 6.0 & 6.5
Workstations running Linux or Windows OS
MS Virtual PC 2007 Workstations running Windows only
AIX Power 7 AIX LPARs
CONTAIN
Technology Platforms Comments
VMware ESX Server
2.x
Windows Servers L&I, Treasury Only
VMware
VirtualCenter 1.x
Windows Servers L&I, Treasury Only
MS Virtual PC 2004 Workstations running Windows only
Test & Development only
VMware Workstation 5.5
VMware Workstation 6.0
Workstations running Linux or Windows OS
Test & Development only
AIX 5 , 6 AIX LPARS
L&I Enterprise Standards
90
RETIRE
Technology Platforms Comments
VMware ESX Server
3.x
Windows Servers
VMware Virtual Infrastructure
Enterprise 3.x
Windows Servers
VMware
VirtualCenter 2.x
Windows Servers
EMERGING / RESEARCH
Technology Platforms Comments
VMware ESXi 5 Windows & Linux Servers
AIX Power 8 AIX LPARs
VMware VC 5 Windows Servers
L&I Enterprise Standards
91
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 02-20-2007
Date Revised: 07-16-2010
Domain: Platform
Discipline Infrastructure
Technology Storage Area Network
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
IBM DS 8000 Family AIX and Windows Servers
146GB and 300GB drives
IBM XIV AIX and Windows Servers
1 TB SATA drives
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
IBM Shark 800 AIX and Windows Servers
EMERGING / RESEARCH
Technology Platforms Comments
XIV AIX and Windows Servers
FC and Solid State Drives
L&I Enterprise Standards
92
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 06-4-2007
Date Revised: 07-16-2010
Domain: Platform
Discipline Infrastructure
Technology Storage Area Network Fabric Switches
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Cisco SAN Switch - MDS-C9513
All
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
Inrange SAN
Switches
All
EMERGING / RESEARCH
Technology Platforms Comments
IBM/Cisco 9500 All
L&I Enterprise Standards
93
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 6/7/2007
Date Revised: 07-16-2010
Domain: Platform
Discipline: Infrastructure
Technology: Network Printing
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Network B&W Printer Lexmark T644DN
Network Color
Printer
HP Color Laser
3800DN
CONTAIN
Technology Platforms Comments
Duplex functionality
Secure Print
(requires internal hard drive)
128MB Ram B&W
256 MB Ram Color
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
94
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Platform
Discipline Infrastructure
Technology Backup/Recovery Storage - Tape
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
IBM 3494 Tape
Library
AIX and Windows
Servers
IBM 3584 Tape Library
AIX and Windows Servers
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
95
Project Management Standards
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-13-2010
Domain: Enterprise Project Management Methodology (EPMM)
Discipline: MS desktop solution until CWOPA standard is selected
Abstract
The OA/OIT Project Management Domain Team defined a solution, standard and methodology for EPMM including project prioritization/project
management and portfolio management. The product selected by this team is Clarity, which permits the use of MS Project for the creation of a project
plan with no associated resources. L&I only uses Clarity for submission of Community of Practice proposals and has a very limited number of Clarity
licenses.
Standards
August 25, 2004 – Enterprise Project Management Framework, signed by Art Stephens
can be found by going to the following link and selecting Enterprise Project
Management Framework 08/25/2004 in the „Memos‟ link.
For additional information see the Appendix.
General
DLI-OIT's Project Management Office (PMO) developed a project management methodology (PMM) for use by all areas of OIT. The
methodology breaks the project management life cycle into five phases consisting of project strategy, initiation, planning, execution/control
(including the software development life cycle) and closeout. MS Office-based templates have been created for use with most of the tasks associated
with each of the PMM phases and should be used for all projects as appropriate. The PMO has issued recommendations regarding which
standard project management templates and tasks should be required and
recommended for the various types and sizes of projects. A standard project management approach will enable OIT to engage more organized
and efficient IT projects involving more accurate budgets and schedules than
L&I Enterprise Standards
96
were available prior to the introduction of the project management
methodology.
Refresh Schedule
All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I -OIT Standards
Committee.
Exemption from these standards
In the event of a need for an exemption, for reasons such as the need to comply
with requirements for a federally mandated system, an „Enterprise Standards Waiver Request‟ form must be submitted via e-mail to: L&I Software Review
Committee.
For additional information see the Appendix.
Questions
Questions regarding this general standard statement should be directed to
Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].
L&I Enterprise Standards
97
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 02-20-2007
Date Revised: 07-16-2010
Domain: Enterprise Project Management Methodology
Discipline Project Management Methodology
Technology MS Project, MS Project Viewer, Clarity
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
L&I PMM Desktops
MS Project 2007 Desktops
MS Project Viewer Desktops
CONTAIN
Technology Platforms Comments
MS Project 2003 Desktops
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
Open Workbench Desktops
Clarity 7.5.3 Servers
Clarity 8 Servers
L&I Enterprise Standards
98
Security Standards
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline:
Abstract
In order to provide and maintain an IT processing environment that assures the integrity, confidentiality, and availability of information for the customers
of the Department of Labor & Industry, there needs to be an agreed upon and enforceable set of IT security standards. These standards are to be
compliant with all existing Commonwealth standards issued by the OA. Additionally any requirements mandated by the Federal government, as
communicated by annual external audit findings must also be adhered to. Also, in conjunction with existing OA standards, other industry security
standards, such as those from the National Institute of Standards and Technology (NIST) and the British Standard, BS 7799 (also known as IS
17799) are to be incorporated as needed.
The IT categories that will be reviewed include: Operating Systems
Applications
Data Base Network
Guiding Points
What is information security?
Information security is the process of protecting data from accidental or intentional misuse by persons inside or outside of an organization, including
employees and consultants. A security breach can involve anything from a computer virus, to an employee who inadvertently discloses his password, to
a former employee or consultant who sabotages a customer database.
Information security is always about balancing the risks versus the rewards of doing business electronically.
Information security should be modeled by holistic security architecture. A holistic security architecture means integrating security into the life cycle of
L&I Enterprise Standards
99
the system/resource to be protected. It shouldn‟t be just an add-on in
response to an immediate security breach. Security should be implemented as part of an ongoing proactive security posture.
Any security methodology should incorporate the following principles:
Least privilege - minimum access, and nothing more, is given to a user
to only perform specific tasks required for that employee to fulfill their job duties.
Separation of Duties - access must be structured to permit functions to be given individually to different users, if necessary, and not
universally available.
To satisfy the needs of robust security architecture, there are certain standard security services that are always needed: authentication,
authorization, auditing (which includes logging facilities), and intrusion
detection.
Standards
Identification and Authentication of Users on New L&I Computer
Systems C-301 (Rev June 21, 2010)
L&I Network Security Policy & Standards – July 7th, 2010
L&I Network Security Architecture design – May 13, 2003
Domain Security and Audit Policies (DRAFT) May 5, 2005
Application Access Control C-306 - July 10, 2007
Data Encryption Standards C-320 – February 12, 2009
Information Technology Asset Restrictions Policy C-330 – February 12, 2009
L&I Enterprise Standards
100
General
Operating Systems Operational Standards
Rationale
Users are responsible for activities
performed under their personal id. Users
must set their own passwords.
OA ITB SEC007
Users must log off and/or secure workstations when not in use.
OA ITB SEC007
Systems must have the ability to identify what user ID‟s are currently logged on to
that system and must provide an audit trail of user activities.
Insures user auditabilty
Passwords must be comprised of a
minimum of eight (8) alphanumeric characters and must include characters
from at least three of the four categories used for CWOPA password authentication.
Character selection is
compatible with CWOPA requirements.
Provides optimum protection concerning
password cracking.
CWOPA Passwords are to be changed every
60 days. They may not be changed more than once every fifteen (15) days.
OA ITB SEC007
Password files should be non- retrievable
(only accessible to the security administrator, not viewed by the user).
OA ITB SEC007
Encrypt passwords during storage and during transmission over networks.
Commonly accepted security practice-
assures confidentiality of password.
Passwords should be stored in a
confidential manner. This includes
hardcopy or as data on any electronic format.
Commonly accepted
security practice-
assures confidentiality of password
L&I Enterprise Standards
101
Operating Systems Operational Standards
Rationale
Identify and reset vendor supplied default
passwords before the information system is used in a production mode.
OA ITB SEC007
Document and control user ID‟s and passwords with special privileges.
Satisfies GAAP audit requirements.
Do not embed or hard-code passwords into
an information system.
OA ITB SEC007
Uniquely identify each user to a system
with an id that is associated only with that user.
Office of Administration
(OA) Information Technology Bulletin
(ITB) SEC007
Each employee who requires a user ID is to
have only one user ID unless approved in writing by the security administrator.
Insures user auditabilty
and stability of user security administration.
Authenticate users before allowing them to perform any activities.
OA ITB SEC007
Enable time-out features after a specific
period of time, preferably for 15-30 minutes of inactivity.
OA ITB SEC007
Limit unsuccessful logon attempts. Temporarily lockout the user id when three
(3) unsuccessful attempts are reached.
OA ITB SEC007
Maintain audit logs that capture information on password logins and
attempted logins.
Identifies denial of service attacks and
user Signon problem
areas.
Limit display to necessary information such as the user id and password prompts
during the logon process.
OA ITB SEC007
Do not display passwords on screens in
clear-text during the logon or other processes.
OA ITB SEC007
L&I Enterprise Standards
102
Operating Systems Operational Standards
Rationale
While this may not be feasible in all
situations, it is recommended that after a user has successfully completed the
identification process, the user receive
display information such as prior logon history to enable the user to verify prior
logons.
Facilitates ongoing
security awareness, i.e. this helps individual
users detect
whether someone else has illicitly obtained his
or her password.
Permit only authorized security administration staff to enable and/or re-
enable a user id.
Insures integrity of userid password
methodology and satisfies external audit
requirements.
A Banner page Disclaimer addressing
responsibilities relative to the use of the password, Commonwealth information
accessed, and equipment used (PCs or other information technology equipment)
must be included and viewable by each user prior to Logon.
OA ITB SEC007
Management Directive 205.34
Users are prohibited from logging into the
system anonymously (for example, by using "guest" user IDs).
OA ITB SEC007
Reference OIT Policy C-301-Identification and Authentication of Users on New L&I
Computer Systems (Rev 2010) for additional standards for Business Entity
Users and Public Users.
L&I Enterprise Standards
103
Application Operational Standards
Rationale
Applications will utilize the L&I Standard for Role Based Security (Computer
Associates SitemInder/Identity Manager suite) for Identity and Access Managemnt
(IAM).
Authenticity of individual users is
critical to the overall integrity of the
application.
Applications should log user access
attempts, and maintain audit records of activity that can be traced to individual
users. Access to these audit records should be restricted to a limited number of
security officers. Applications should also log the use of security override functions
and administrator changes to security databases.
Promotes user
auditability and stability of user security
administration.
Administrative users should not be granted universal access unless required to perform
extensive, daily reviews of application logs and audit records.
Separation of duties is essential to maintaining
confidentiality and integrity of application
data.
An authorization framework should be implemented for direct access to
application resources. This will be, Role-
Based Access Control through the L&I IAM standard. The framework must provide for
both technical and administrative access control.
Insuring the authenticity of users
and related access can
facilitate high application availability.
The number of roles should be limited, and
a risk analysis should be conducted to confirm that each role represents an
adequate separation of duties and has access to the appropriate level of sensitive
and confidential information.
Management Directive
205.37, Role Assignment, Security
and Internal Control Maintenance.
L&I Enterprise Standards
104
Application Operational Standards
Rationale
“The Principle of Least Privilege” should be
used as a guideline for defining user and role access. That is, users should be given
the minimum level of access necessary to
perform the
Essential to maintaining
confidentiality and integrity of application
data.
Work required of them, and should be unable to access any application resource
before access is specifically granted by a designated security officer.
Applications should implement a sufficient
level of action granularity for each
transaction (such as “Add”, “Update”, “Delete” and “Display”), to facilitate
adherence to the “Least Privilege” concept.
Essential to maintaining
confidentiality and
integrity of application data.
Sample scripts should be removed from Production servers.
Reduces potential for access by unauthorized
user.
Utilize SSL (Secure Sockets Layer) protocol to encrypt sensitive application data. All
critical/confidential data must be encrypted in transit as well as at rest as specified in
OA & L&I IT Security Policies.
Essential to maintaining confidentiality,
integrity, and availability of sensitive
application data.
OA ITB SEC031 OA ITB SEC020
L&I C-320
Placement of sensitive data in temporary
directories or access logs should be limited.
Essential to maintaining
confidentiality, integrity, and
availability of sensitive application data.
L&I Enterprise Standards
105
Database Operational Standards
Rationale
Database audit controls should include the creation of audit records at the application,
database and operating system levels.
Insures user auditabilty.
Controls should be implemented to assure
that application, database and system audit records cannot be modified and that
data cannot be accessed once deleted.
Contributes to integrity
of data & audit trail.
Database change controls should include
the requirement that all database changes be formally documented and attributable to
a specific individual.
Contributes to integrity
of data & audit trail.
Access to extremely sensitive data should be sufficiently granular to minimize the
data accessible by any one individual.
Facilitates „Separation of Duties‟
Redundant data should be limited. Contributes to integrity
of data
Unused stored procedures should be deleted
Contributes to availability of data
Network Operational Standards
Rationale
Reference L&I Network Security Policy & Standards document (July 7th, 2010) & L&I
Network Security Architecture Design
document (May 13, 2003)
Refresh Schedule
All standards identified in this document will be subject to review and
possible revision annually or upon request by the L&I -OIT Standards Committee.
L&I Enterprise Standards
106
Exemption from these standards
In the event of a need for an exemption, for reasons such as the need to
comply with requirements for a Federally mandated system, an „Enterprise Standards Waiver Request‟ form must be submitted via e-mail to: L&I
Software Review Committee.
For additional information see the Appendix.
Questions
Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division,
Bureau of Enterprise Architecture, at [email protected].
L&I Enterprise Standards
107
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline Host Security
Technology Operating Systems
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
CWOPA Authentication
Windows
CONTAIN
Technology Platforms Comments
RACF IBM Mainframe (z/OS)
IBM I Series Security OS/400
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
108
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline Enterprise Security
Technology Applications
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
CWOPA Authentication Windows
CA SiteMinder/Identity Manager
All
CONTAIN
Technology Platforms Comments
CIMS Security
PowerComp Security AIX
DSF-Ulogin
E-Tides security
Advantage Gen
Security
IBM Mainframe
(z/OS)
RETIRE
Technology Platforms Comments
L&I Enterprise Standards
109
EMERGING / RESEARCH
Technology Platforms Comments
Tivoli Identity
Manager
All
L&I Enterprise Standards
110
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline Enterprise Security
Technology Database
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Security is utilized that is inherent with each operating system. Refer to Relational Database management Systems Domain
CURRENT STANDARDS
Technology Platforms Comments
Guidance Software enCase v6
Windows, Linux, Others
CONTAIN
Technology Platforms Comments
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 02-4-2008
Date Revised: 07-08-2010
Domain: Security
Discipline Enterprise Security
Technology Incident Response
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
L&I Enterprise Standards
111
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
112
CURRENT STANDARDS
Technology Platforms Comments
HP Sitescope v 9.50 Windows, Linux, Others
L&I Standard, not OA
HP Webinspect v 7.7.869
Windows L&I Standard, not OA
HP Devinspect v 5.1 Windows L&I Standard, not OA
HP QAInspect v 5.1 Windows L&I Standard, not OA
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 09-4-2008
Date Revised: 07-08-2010
Domain: Security
Discipline Enterprise Security
Technology Security testing and assessment
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
L&I Enterprise Standards
113
Network Security Standards
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline: Network Security
Abstract
Network Security controls access between authorized users and applications
Standards
Network Security is governed by a Network Security policy and associated standards and guidelines
General
Security Architecture defines the Confidentiality, Integrity, and Availability
(CIA) connectivity relationships between the users and information repositories
Refresh Schedule
All standards identified in this document will be subject to review and possible revision annually or upon request by the L&I -OIT Standards
Committee.
Exemption from these standards
In the event of a need for an exemption, for reasons such as the need to comply with requirements for a Federally mandated system, an „Enterprise
Standards Waiver Request‟ form must be submitted via e-mail to: L&I Software Review Committee.
For additional information see the Appendix.
L&I Enterprise Standards
114
Questions
Questions regarding this general standards statement should be directed to
Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].
L&I Enterprise Standards
115
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline Network Security
Technology Architecture
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Multi-Zoned Security
Model
802.1q tagged network
segmentation of network building blocks to security
zones via firewall. (Checkpoint/Cisco)
CONTAIN
Technology Platforms Comments
Dual Zone (inside/outside)
Security Model
Checkpoint/Cisco
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
116
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline Network Security
Technology Port Security
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Media Access Control for each PC
connecting to L&I network is
authorized and
bound to its connecting
switchport
Cisco Access Switches (2900 thru 450x)
Lucent QIP
(authorization)
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
Network Admission Control (NAC)
Cisco, McAfee
L&I Enterprise Standards
117
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline Network Security
Technology Firewall Access Control
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
CheckPoint NG/AI Nokia IPSO
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
PIX Cisco
OPD-SEC034A, Enterprise Firewall Rule Set Configurations, identifies those services
that are permitted. (obtain from Information Agency Security Officer)
L&I Enterprise Standards
118
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline Network Security
Technology Transport Control
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
CiscoSecure Access Control Systems
(ACS) – control switch and router access
Cisco Secure ACS-runs on Windows
technology
Lucent QIP 6.2 -
controls user layer 3 network access (IP
addressing via DHCP)
Lucent application-
runs on Linux Redhat (QIPSYBASE)
CONTAIN
Technology Platforms Comments
Lucent QIP 5.2
RETIRE
Technology Platforms Comments
L&I Enterprise Standards
120
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued:
Date Revised: 07-08-2010
Domain: Security
Discipline Network Security
Technology Intrusion Detection
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Snort Analysis Control
for Intrusion Detection (ACID)
Linux Redhat
CONTAIN
Technology Platforms Comments
RETIRE
Technology Platforms Comments
EMERGING / RESEARCH
Technology Platforms Comments
L&I Enterprise Standards
121
Systems Management
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 07-20-2010
Date Revised: 07-20-2010
Domain: Systems Management
Discipline: IT Service Management
Abstract
This document establishes enterprise-wide standards and guidance for Information Technology Service Management (ITSM) and its effective usage
at Labor and Industry (L&I). The established ITSM standards provide guidance for procurement and support of assets, changes to network
infrastructure, and delivery of service desk support. The ITSM Product and Platform Standards document provides guidance on the current ITSM
product standards and the status of other ITSM solutions that are being used or are being considered for use.
For additional information, please refer to the Appendix.
Standards
These technologies meet the requirements of the current architecture and
are recommended for use in developing and implementing ITSM applications that facilitate enterprise-wide interoperability and standardization.
For additional information, please refer to the Appendix.
General
This Information applies to all Systems Management within Labor and Industry and establishes enterprise-wide product standards to support the
management of IT Service Support (Incident & Problem Management, Change, Configuration & Release Management and Service Level
Management) to reduce their total cost of ownership. All new ITSM projects are required to use the “Current Standard” product(s) as specified in the Appendix, to deliver this service support functionality.
L&I Enterprise Standards
122
This document, comprised of multiple sections, provides specific procedural
information on the use of the standard ITSM product(s) for each of the primary ITSM functions listed below, as well as additional functionality.
• Asset Management
• Configuration Management • Change Management
• Help Desk Problem Management • Service Level Management
• Release Management
All new ITSM development projects are required to adhere to the operating
standards presented in this document for the design and delivery of ITSM services. Existing production applications are encouraged to adopt these
standards as well.
The main objectives of this policy are to:
• Standardize on ITSM applications that best meet current and future
enterprise requirements. • Increase opportunities to reuse developed ITSM applications, reduce
duplication of efforts, and improve application interoperability. • Increase opportunities for consolidation of like business processes.
• Provide for further standardization on developed ITSM applications. • Leverage existing ITSM applications where appropriate.
A list of ITSM production and operational standards has been compiled and
these standards have applicability across all current standard products and are required to be used for all ITSM application development efforts. If a
specific standard applies only to mission-critical applications, it will be
identified as such.
Definitions of Terms:
Asset Management - Process for the management of the physical inventory of the IT infrastructure. Management tasks include identification, control and
verification of all IT infrastructure hardware, software, networks, maintenance contracts, warranty agreements, etc. to determine current IT
capabilities and support. Provides a comprehensive solution to establish and enforce standard processes that identifies hardware and software asset
costs, attributes, configurations, relationships and usage and manages such throughout the asset lifecycle. Asset management ensures availability of
L&I Enterprise Standards
123
cost-effective and sustained levels of IT service to meet current business
needs and ability to adequately plan future service level needs.
Action Request (AR) System - A flexible foundation for automating complex business processes. Built for adaptability in a continuously changing
business environment, the AR System allows you to rapidly prototype, deploy, maintain and iterate for affordable, continuously optimized
applications.
ITIL (Information Technology Infrastructure Library) – ITIL is a set of concepts and best practices for Information Technology Services
Management (ITSM), IT development and IT operations. The most current version of ITIL is Version 3 and all Remedy applications from Version 7.5 and
newer follow these concepts and best practices.
IT Service Management (ITSM) - a top-down, business driven approach to
the management of IT that specifically addresses the strategic business value generated by the IT organization and the need to deliver a high quality
IT service. IT Service Management is designed to focus on the people, processes and technology issues that IT organizations face. ITSM is used
throughout ITIL Service Support and ITIL Service Delivery disciplines.
Incident Management - Process of rapid restoration of normal service following an event that is not part of standard service operations and that
causes an interruption or reduces the quality of service.
Problem Management - Process of identifying and removing errors in the IT infrastructure and proactively preventing the recurrence of incidents.
Problems are identified by analysis of incidents with common symptoms or analysis of a single significant event.
Change Management - Management of standardized methods processes and procedures for the efficient and prompt handling of IT changes to minimize
the impact of change related incidents on services.
Configuration Management - Process for the management of a logical model of the IT infrastructure. Management tasks include identification, control and
verification of all Configuration Items and versions (hardware, software, applications, etc)
Release Management - Process for management of all activities associated
with a large, major or critical release of software or hardware, and associated documentation and training/communication plans.
L&I Enterprise Standards
124
Service Desk - Single Point of Contact for users in need of IT services and/or
assistance (formerly known as the Help Desk).
Service Level Management - Process for management of ongoing service level agreement negotiations, monitoring, reporting and review, as well as
implementation of actions to improve levels of service.
Refresh Schedule
All standards identified in this document are subject to review and possible revision annually or upon request by the L&I–OIT Standards Committee.
Exemption from these standards
In the event of a need for an exemption, for reasons such as the need to
comply with requirements for a Federally mandated system, an „Enterprise
Standards Waiver Request‟ form must be submitted via e-mail to: L&I Software Review Committee.
For additional information, please refer to the Appendix.
Questions
Questions regarding this general standards statement should be directed to Edward Bowlen, Chief, Standards Development and Compliance Division, Bureau of Enterprise Architecture, at [email protected].
L&I Enterprise Standards
125
Issued by: L&I OIT Enterprise Standards Steering Committee
Date Issued: 07-20-2010
Date Revised: 07-20-2010
Domain: Systems Management
Discipline: IT Service Management
Technology IT Service Management (ITSM) Product and Platform Standards
Document Title:
Referenced by:
DLI/OIT Enterprise Standards
CURRENT STANDARDS
Technology Platforms Comments
Remedy Action
Request System 7.6
All L&I Standard, not OA
Remedy Action
Request System 7.5
All L&I Standard, not OA
CONTAIN
Technology Platforms Comments
Remedy Action Request System 7.1
All L&I Standard, not OA
RETIRE
Technology Platforms Comments
Remedy Action Request System 7.0
All L&I Standard, not OA
Remedy Action Request System 6.3
All OA Standard, not L&I
L&I Enterprise Standards
126
EMERGING / RESEARCH
Technology Platforms Comments
Remedy Action
Request System 8.0
All
L&I Enterprise Standards
127
Appendix
„Enterprise Standards Waiver Request‟ form: Enterprise Standards Waiver Request
Memos: Enterprise Memos
Additional policies and standards that apply to agencies, boards and commissions under the
Governor‟s jurisdiction are listed below. They can be accessed through the following link:
OA ITB Index
Access Domain (ACC)
ITB-ACC001 - IT Accessibility Policy
Application Domain (APP)
ITB-APP001- Business Solutions Center of Excellence (BSCoE)
ITB-APP002 - Web Server / Application Server Standards
ITB-APP003 - Search Technology Standards
ITB-APP004 - Collaboration Technology Standards, Issued
ITB-APP005 - Commonwealth of Pennsylvania Web Site Standards
ITB-APP006 - Addressing Solutions Standards, Issued
ITB-APP007 - Commonwealth of Pennsylvania External Web Site Linking Policy,
ITB-APP008 - Business Process Management Policy (BPM)
ITB-APP009 - Automatic Vehicle Location (AVL) Technology Standard
ITB-APP010 - Alerting and Notification Service Standards
ITB-APP011 - Application Development Languages
ITB-APP012 - Application Development Methodologies
ITB-APP013 - Integrated Development Environments
ITB-APP014 - Application Testing Tools Policy
ITB-APP015 - Web Development Frameworks
ITB-APP016 - Requirements, Data, and Object Modeling Tools
ITB-APP017 - Requirements Management Tools
ITB-APP018 - Software Configuration Management Tools
ITB-APP019 - Software Change Management Tools
ITB-APP020 - Open Source Software
ITB-APP021 - Forms Development Tools Policy
ITB-APP022 - Financial Applications Policy
ITB-APP023 - Human Resources Applications Policy,
ITB-APP024 - Supplier Relationship Management Applications Policy
ITB-APP025 - Customer Relationship Management Applications Policy
ITB-APP026 - Product Life Cycle Management Applications Policy
ITB-APP027 - Supply Chain Management Applications Policy
ITB-APP028 - Materials Management Applications Policy
ITB-APP029 - Portal Technology Standards
ITB-APP030 - Active Directory Architecture
ITB-APP031 - File Transfer Protocol (FTP) Policy
ITB-APP032 - Commonwealth of Pennsylvania Centralized E-Mail Policy
ITB-APP033 - Use of Freeware Policy
ITB-APP034 - Anti-Virus Technology Standards
ITB-APP035 - Internet Browser Policy
ITB-APP036 - Office Productivity Software Policy
ITB-APP037 - Document Viewer and Reader Policy
ITB-APP038 - SAP Graphical User Interface (GUI)
L&I Enterprise Standards
128
Business Domain (BUS)
ITB-BUS001 - Integrated Enterprise System SAP License Review
ITB-BUS002 - Transactions Fee Policy
ITB-BUS003 - Emergency Telework Policy
Information Domain (INF)
ITB-INF001 - Database Management Systems
ITB-INF002 - Metadata Standards
ITB-INF003 - Data Modeling Standards
ITB-INF004 - Data Warehouse Standards
ITB-INF005 - Mobile Data Standards
ITB-INF006 - Commonwealth County Code Standard
ITB-INF009 - e-Discovery Technology Standard
ITB-INF010 - Business Intelligence Policy
ITB-INF011 - Reporting Policy
ITB-INF012 - Dashboard Policy
ITB-INFGT001 - Geospatial Information Systems (GIS)
ITB-INFRM001 - The Life Cycle of Records: General Policy Statement
ITB-INFRM004 - Management of Web Records
ITB-INFRM005 - System Design Review of Electronic Systems
ITB-INFRM006 - Electronic Documents Management Systems
ITB-INFRM007 - Management of Electronic Information Created via Multi-Functional
Devices or Other non-EDMS Desktop Scanners
Integration Domain (INT)
ITB-INT001 - Message Oriented Middleware
ITB-INT006 - Business Rules Engine
ITB-B.1 - Electronic Commerce Formats and Standards
ITB-B.2 - Electronic Commerce Interface Guidelines
Network Domain (NET)
ITB-NET001 - Wireless LAN Technology
ITB-NET002 - Network Router and Switch Technology Standards
ITB-NET003 - Enterprise Voice Communications
ITB-NET004 - Internet Protocol Address Standards
ITB-NET005 - Commonwealth Domain Naming Standards (DNS) and Configuration
ITB-NET007 - Capitol Complex Cable Television (CATV) Services
ITB NET008 - Telecommunications Services for Commonwealth Business Partners
ITB-NET009 - Video Conferencing Services for the Commonwealth of PA
ITB-NET010 - Commonwealth of Pennsylvania Satellite Services & Equipment Policy
ITB-NET015 - Enterprise Network Maintenance Scheduling
ITB NET016 - Wireless Cellular Data Technology
ITB-NET017 - Network Timing Protocol
ITB-NET018 - Internet Access
Platform Domain (PLT)
ITB-PLT001 - Desktop and Laptop Technology Standards
ITB-PLT004 - Statewide PC / Terminal Maintenance Contract
ITB PLT005 - Intel Based Server Operating System Policy
ITB-PLT010 - CoPA Policy for the Management of Networked Printers and Multi-Function
Equipment
ITB-PLT011 - Mobile Device Policy and Standards
L&I Enterprise Standards
129
ITB-PLT012 - Use of Privately Owned PCs to Access CoPA Resources
ITB-PLT015 - Office Class Printer Device Policy
ITB-PLT017 - Desktop and Laptop Operating System Standards
Privacy Domain (PRV)
ITB-PRV001 - Commonwealth of Pennsylvania Electronic Information Privacy Policy
ITB-PRV002 - Electronic Information Privacy Officer
Project Management Domain (EPM)
ITB-EPM001 - Integrated Project and Portfolio Management System (IPPMS)
ITB-EPM002 - Enterprise E-learning Solution
ITB-EPM003 - IT Procurement Review Process
ITB-EPM005 - Enterprise Learning Management System
Security Domain (SEC)
ITB-SEC001 - Enterprise Host Security Software Suite Standards and Policy
ITB-SEC002 - Internet Accessible Proxy Servers and Services
ITB-SEC003 - Enterprise Security Auditing and Monitoring - Internet Access Control and
Content Filtering (IACCF) Standard
ITB-SEC004 - Enterprise Web Application Firewall
ITB-SEC005 - Commonwealth Application Certification and Accreditation
ITB-SEC006 - Commonwealth of Pennsylvania Electronic Signature Policy
ITB-SEC007 - Minimum Standards for User IDs and Passwords
ITB-SEC008 - Enterprise E-mail Encryption
ITB-SEC009 - Minimum Contractor Background Checks Policy
ITB-SEC010 - Virtual Private Network Standards
ITB-SEC011 - Enterprise Policy and Software Standards for Agency
ITB-SEC012 - Commonwealth of PA System Logon Banner Requirements Policy
ITB-SEC013 - Identity Protection and Access Management (IPAM) Architectural Standard -
Identity Management Services
ITB-SEC014 - Identity Protection and Access Management (IPAM) Architectural Standard –
Identity Management Technology Standards
ITB-SEC016 - Commonwealth of Pennsylvania – Information Security Officer Policy
ITB-SEC017 - CoPA Policy for Credit Card Use for e-Government Applications
ITB-SEC019 - Policy and Procedures for Protecting Commonwealth Electronic Data
ITB-SEC020 - Encryption Standards for Data at Rest
ITB SEC021 - Security Information and Event Management Policy
ITB-SEC023 - Security Assessment and Testing Policy
ITB-SEC024 - IT Security Incident Reporting Policy
ITB-SEC027 - Standard for Electronic Postmarks
ITB-SEC029 - Minimum Standards for Improving Physical Security Access
ITB-SEC031 - Encryption Standards for Data in Transit
ITB-SEC034 - Enterprise Firewall Rule Set
Systems Management Domain (SYM)
ITB-SYM001 - Enterprise IT Service Management Standards
ITB SYM003 - Off-Site Storage for Commonwealth Agencies
ITB SYM004 - Policy for Establishing Alternate Processing Sites for Commonwealth Agencies
ITB-SYM006 - Desktop and Server Software Patching Policy
ITB-SYM007 - Guidelines for Deploying BlackBerry Devices in Commonwealth Agencies
ITB-SYM008 - Server Virtualization Policy
ITB-SYM009 - Commonwealth of Pennsylvania Data Cleansing Policy