Upgrade StorageUsers in the US Federal Gov, particularly CDC
Hi there! I couldn't find any post on this, but I'm trying to get Zotero standalone approved at CDC. We currently have the Firefox extension approved, but (interestingly) we can't have Firefox on our laptops.
Anyway, just looking to connect, but also wonder if anyone knows how to answer these questions from our software request form (particularly # 2-5 below). I could only find a searchable database for #4.
Thanks!
1) Does the software product require Elevated Privileges (EPv) (e.g., power user or administrator level) on the user workstation(s) for operation and functionality after initial installation?
1a) If Elevated Privileges is required for operation; please explain why it is needed for the program to run.
2) Indicate whether or not the software product has been successfully evaluated under: National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS)
https://www.niap-ccevs.org/
3) Indicate whether or not the software product has been successfully evaluated under: National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program https://csrc.nist.gov/projects/cryptographic-module-validation-program
4) Were vulnerabilities found in the National Vulnerability Database? https://nvd.nist.gov/vuln/search?execution=e2s1
5) Were vulnerabilities found in Open Source Vulnerability Database? https://nvd.nist.gov/
Anyway, just looking to connect, but also wonder if anyone knows how to answer these questions from our software request form (particularly # 2-5 below). I could only find a searchable database for #4.
Thanks!
1) Does the software product require Elevated Privileges (EPv) (e.g., power user or administrator level) on the user workstation(s) for operation and functionality after initial installation?
1a) If Elevated Privileges is required for operation; please explain why it is needed for the program to run.
2) Indicate whether or not the software product has been successfully evaluated under: National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS)
https://www.niap-ccevs.org/
3) Indicate whether or not the software product has been successfully evaluated under: National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program https://csrc.nist.gov/projects/cryptographic-module-validation-program
4) Were vulnerabilities found in the National Vulnerability Database? https://nvd.nist.gov/vuln/search?execution=e2s1
5) Were vulnerabilities found in Open Source Vulnerability Database? https://nvd.nist.gov/
Re 5: OSVD shut down years ago (see https://en.wikipedia.org/wiki/Open_Source_Vulnerability_Database), this would seem to be the closest current equivalent: https://osv.dev/, also no hits for Zotero.