MongoDB / Node.JS Certificate of Networthiness

[Frank Hale]

Does anyone know if the Army has a Certificate of Networthiness for MongoDB and Node.JS?

[Kit Plummer]

I'd be interested to know as well.  Is anyone running MongoDB in a "high" production environment, or really anything production?

Kit

On Feb 5, 2013, at 12:07 PM, Frank Hale <fran...@gmail.com> wrote:

Does anyone know if the Army has a Certificate of Networthiness for MongoDB and Node.JS?

--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org
 
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Michael Wood]

Never heard of Mongodb having a CON. I know postgres database did through enterprisedb at one point.

[Craig Vitter]

MongoDB is definitely running in one or more "high" environments with at least an IATO as part of a solution. I don't have personal knowledge of it having been approved individually but Will from 10Gen should be able to answer that question.

Craig

Craig Vitter
Product Evangelist | IKANOW
M: 703.472.8842
E:  cvi...@ikanow.com
W: www.ikanow.com

[Will LaForest]

To answer Frank's initial question, MongoDB has a received a CON for use at Army.  It was initiated and granted for a project out of Aberdeen.  I no longer have a CAC but I was told you can look it up on AKO.  On the DoD side it is in a number of accredited systems including ones at SOUTHCOM, DISA, and CYBERCOM.  In the Intel community its well into the double digit deployments.  I doubt I'm even aware of all the usage in DoD so if there are other implementations I would love to hear about it.  If you are about to go through a C&A process let me know and 10gen can help you out.  We can connect you to people who have gone through the process and will have an independent STIG review available that can also be used to assist.

I'm not sure about Node.JS but I'll ask my friends over there. 

--

{ name     : "Will  LaForest", 

  title    : "Senior Director of 10gen Federal",

  phone    : "202.656.7651",

  location : "Washington, DC",

  twitter  : ["@WLaForest", "@10gen"],

  linkedin : "Will LaForest" }

[Kit Plummer]

Hey Will.

Do you know what version was CON'd, I don't have a CAC either but would like to know.

Kit

[shawn....@gmail.com]

On 2/6/13 1:04 AM, Will LaForest wrote:
> If you are about to go through a C&A process let me know and 10gen can
> help you out. We can connect you to people who have gone through the
> process and will have an independent STIG review available that can
> also be used to assist.

I think there is wide interest in this. Have you/do you plan to make
your STIG scripts public, and are you submitting them to DISA to become
an official "MongoDB STIG"?

[Frank Hale]

Thanks guys for the info. I'll do some digging on AKO to see if I can find more information about the CoN.

--
--
You received this message because you are subscribed to the "Military Open Source Software"  Google Group.
To post to this group, send email to mil...@googlegroups.com

To unsubscribe from this group, send email to mil-oss+unsubscribe@googlegroups.com

For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en

www.mil-oss.org

--- You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+unsubscribe@googlegroups.com.

[Christopher Sean Morrison]

I was unable to find MongoDB in the database.  Granted, the searching mechanism is absolutely terrible, but at least there doesn't seem to be anything specifically named with "mongo" or "mon" or "db" of any relevance.  It may have a CoN under some aggregate software or some other name, though.

Cheers!

Sean

[Kit Plummer]

Cool Frank.  Please report back what/if you find anything there.

To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com

For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org
 
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.

[Frank Hale]

I'm actually on the Army's Certificate of Networthiness site now. I am also unable to find anything related to MongoDB and I can confim what Christopher has said, The search capability is terrible. I'm trying other means, I've pinged a National Guard internal developer distribution list. Hopefully somebody out there can give me a link to the relevant information so I can point my management to it.

If I can track the information down I'll pass it along.

[MIKE PAFFORD]

Sent from my Droid Charge on Verizon 4GLTE

------Original Message------
From: Kit Plummer <kitpl...@gmail.com>
To: <mil...@googlegroups.com>
Date: Wednesday, February 6, 2013 7:59:19 AM GMT-0700
Subject: Re: [mil-oss] MongoDB / Node.JS Certificate of Networthiness

Cool Frank. Please report back what/if you find anything there.

On Feb 6, 2013, at 7:43 AM, Frank Hale <fran...@gmail.com> wrote:

> Thanks guys for the info. I'll do some digging on AKO to see if I can find more information about the CoN.
>
>
> On Wed, Feb 6, 2013 at 9:33 AM, shawn....@gmail.com <shawn....@gmail.com> wrote:
> On 2/6/13 1:04 AM, Will LaForest wrote:
> If you are about to go through a C&A process let me know and 10gen can help you out. We can connect you to people who have gone through the process and will have an independent STIG review available that can also be used to assist.
>
> I think there is wide interest in this. Have you/do you plan to make your STIG scripts public, and are you submitting them to DISA to become an official "MongoDB STIG"?
>
>
> --
> --
> You received this message because you are subscribed to the "Military Open Source Software" Google Group.
> To post to this group, send email to mil...@googlegroups.com

[Will LaForest]

I will talk to my contacts and find out what the status is and where you can find information.  

[Frank Hale]

Thank you so much!

[Christopher Sean Morrison]

Found it.  They're apparently in the middle of transitioning to that terrible SharePoint web interface system, which seems to just be a total mess.  Anyways, the nightly snapshot spreadsheet lists it.  "10gen MongoDB 2.0" does indeed have a current CoN.

[Will LaForest]

Fantastic.  There should be another in the next couple of weeks from my understanding (probably a different version).

To answer the earlier question about the STIG.  Initially we will not have a script but a STIG finding report and secure configuration reccomendation to accompany it.

[Frank Hale]

That's awesome news. Can you provide a link to the nightly snapshot spreadsheet?

[Frank Hale]

I have my hands on a .pdf copy of the CoN for MongoDB. Thanks guys!

For those keeping score at home it's located on the Networthiness Homepage on AKO. You have to grab their nightly spreadsheet which is located on the left side of the page and the link is named "Networthiness Public Data". The link points here: https://www.us.army.mil/suite/doc/34818867

break;

Unfortunately I did not see Node.JS listed which is a real bummer!

[Will LaForest]

I spoke with the people at nodejitsu and they didn't know what a CoN was ;)  

[Frank Hale]

Sounds like a great opportunity for some education and more exposure!!!

[andy e]

re: node, I'll ask Joyent if they know of anything going on in DoD land.

We have Node 0.8.x approved for use for our customer (but we're in a lab and they're pretty good about letting us experiment).

andy

[Jeremy Sager]

Hi guys - 

Does anyone know if there's been any progress on this since February? I found two CONs for Mongo, but couldn't find anything for NodeJS.

Thanks,

Jeremy

--

  linkedin : "Will LaForest" }

[Will LaForest]

Unfortunately I didn't make any headway when I contacted the Nodejitsu folks.  They don't have a fed practice and so someone from the community will need fall on the sword.  We are working on yet another CoN for MongoDB but with the new memo about minor versions being covered the ones out there should be good enough until we get to 3.0

--

[Jeremy Sager]

Thanks Will, I appreciate it.

We're going to have a discussion today about whether we're willing to be the ones who roll those dice. I'll let you guys know.

Jeremy

[andy e]

I don't think I ever heard back from Joyent (Node owners/maintainers) but I pinged them again, too.

I do know of Node being used in a classified environment in several different groups (plus, many people are now using Node as a build tool in Rails 4 I think and I know there are some Rails deployments out there). If it helps you can call/email me high side and I can point you to them.

Send me an email off list and I'll give you contact details.

andy

[Eugene Park]

Hi Andy, did you ever hear back from Joyent?  We would like to use Node on a classified network where I'm working.  Could you maybe point me to someone you know who is already using it on a classified network?  Thank you, I really appreciate your time.