Date Questionnaire Sent to the IGC PMO:
Date IGC PMO Received Questionnaire:
Questions Related to Technical Environment Connectivity
1. Does the
system have environments (Dev, Test, Stage, Prod) to support the
IGC Data Broker
2. Are the environments in place and stable?
3. If yes, where is your system hosted
, per environment if they differ
(DISA DECC, commercial
environment, military installation, etc)?
4. If not on DISA network (e.g., Component network), doe
know the process and POCs for
gaining access to their servers on that network?
5. If your system is still in development or is operational, please attach a copy of your release schedule
showing major milestones such as IATC, ATC, IATO, AT
of the following preferred communication methods for
the requested data:
__ SFTP or Secure File Gateway (SFG)
Please complete the questions below
for the communication method sel
Please specify your SFTP Client and server software (vendor / version / patch level)?
What operating system will your SFTP client be hosted on?
Will you be using the standard SFTP port? If not please specify the port number.
a push or pull of data required?
If data is
you, the IGC
to the IGC Data Broker
, you must initiate the SFTP transfer.
Do your developers have experience in succ
essfully configuring SFTP certificate based
If yes, please briefly describe your experience.
If you desire a pull interface, you will be required to delete the files once you have retrieved them with SFTP.
Does your software support
6b. Web Service Call:
Please select the appropriate configuration:
IGC Data Broker Hosted Web Service, i.e. you call a Web Service to retrieve your data
Hosted Web Service, i.e. the IGC data broker calls your Web Service to send t
Please complete the questions below as applicable for your selection:
Provider Hosted Web Service Call (by Broker to provider to push data)
Is the web service already developed?
If yes, please attach WSDL.
Do you enforce Web Services Security
Select following policy assertions your Web Service enforces:
Enforce expiration? ___ Y ___ N
__ UsernameToken (note, IGC does not currently support sending password digests, only text)
equired signed SOAP message body? ___ Y ___ N
Require encrypted SOAP message body? ___ Y ___ N
Is your Web Service WS
I Basic Profile v1.1 compliant
(not SOAP 1.2 compliant)
If so, remove the bindin
g and port for SOAP 1.2 from the WSDL you attach.
If not, please select which version of SOAP you implement:
Does your Web Service check for SAML assertions?
Note that on behalf of client application, IGC Data Broker will add
a SAML assertion for the initial request
other Web Services standards
your Web Service enforces (i.e. WS Notification, SAML, etc)
What port does the service run on?
What application software hosts the service (vendor, prod
uct, version, OS)?
IGC Data Broker Hosted Web Service (by Broker; provider will pull data)
Can you support https over 443?
Do you have certificates available for entry in public keystore/LDAP?
Will you be using COTS or developed software to call the IGC
hosted Web Service?
If you will be using COTS, please specify the vendor, product, version, and OS.
If you will be using developed code, has this code already been developed and tested, what language is/will it
be implemented in, what operating system do
es it run on?
IGC Data Broker implements the following Web Services standards
note that standards are continuously
being considered and undergo an adoption process
WS Security (WSS) 1.0
XML Digital Signature (XMLDigSig)
Broker enforces Web Services Security (WSS) 1.0.
Note the following policy assertions IGC Data Broker hosted Web Service enforces:
Timestamp (in seconds)
Signature (SOAP message body signed)
X.509 Authentication (Direct reference only)
hat IGC Data Broker Web Services are compliant with WS
I Basic Profile 1.1 and does not currently
support SOAP 1.2.
The IGC Data Broker Web Service will generate a SOAP Fault (indicating a Version
Mismatch) for each SOAP 1.2 request received.
ped code please attach any design artifacts that might be useful in evaluation of this checklist.
JMS using external webMethods libraries like ALSB)
Please specify the environment running your JMS cli
ent (vendor, product, version, OS)?
Can your product suite use external libraries to perform JMS connections?
Is JMS approved by your organizations security office?
Do you have a certificate for entry in public keystore/LDAP
libraries like ALSB
webMethods JMS Adapter
Please specify the environment
running your JMS
Does your JMS provider use SSL for authentication?
Does your JMS c
lient support message encryption?
(hosted by consumer)
Is MQ Series approved by your organizations security organization?
Please provide the
IP/hostname, port, and q
, if available.
WebSphere/MQ IP/hostname, port, and q
will be communicated with your
7. Is the
system developer experienced with the proposed communication method?
8. Is the proposed commu
nication method supported by approved ports, protocols, and service
9. Is the
system able to support PKI encryption using DoD certificates (i.e., SSH key exchange
way SSL authentication, WSS X509 Authentication
10. Is the
system developer experienced with PKI encryption using DoD certificates (i.e., SSH
way SSL authentication, WSS X509 Authentication
11. What is the lead time in your organization for submitting requests, gaining approval for, and
implementing firewall modifications?
12. What are the potential firewall/security issues
IGC Data Broker
ought to know in order to
successfully interface with the
13. What tools will the
system use to connect to
IGC Data Bro
Questions Related to Data Exchange
. What is the type of data exchange (i.e., batch or near real
15. What is the data exchange frequency (i.e., one time/per day, near real
time query, etc)?
. What is the data exchange size?
hat is the data file format (i.e., XML, flat file, etc)?
. What is the estimated volume of data exchange per batch file/near real
. How many fi l e s are i nvol ve d i n e ach data e xchange (i.e., two
backorde r and re qui s i ti on s tatus
20. How l ong
i s data re tai ne d for i mme di ate
re pl ay
(1 day, 7 days, othe r)
What i s the re te nti on pe ri od of archi ve d data
6 months, 1 ye ar, 5 ye ars, othe r
If IDE re qui re s re pl ay of archi ve d data, h
ow l ong
woul d i t typi cal l y
re tri e ve
and make i t avai l abl e for re pl ay?
Attache d i s a l i s t of the cons ume r s ys te m’s data e l e me nt re qui re me nt. Re vi e w the l i s t and i ndi cate
whi ch data e l e me nts you are abl e to provi de.
. Othe r Comme nts: