Greetings, I am reaching out to you from the Department of Veterans Affairs (VA) where I am part of the team that reviews various information-based products from an information security perspective for use within VA. I am reviewing information regarding Apache Kafka and have a few questions listed below; please respond to the best of your ability so that I may use your answers to reach a final determination.
1. Can you please provide associated User Manual/Installation Guide of your technology? 2. Are there any software components needed for this technology? 3. What kind of Licensing is needed, if any? Is it Freeware? Open Source? Is there a free trial period? 4. What Operating Systems are supported? Please list server/client. 5. Does the technology connect to other devices or other hardware systems (i.e servers)? If yes, could you please provide the server type and connection details (i.e. Microsoft SQL server, MySQL, IIS etc)? 6. To what extent does this technology use a FIPS 140-2 validated cryptographic module, and what is the certification number? 7. Are there any Runtime Dependencies? (software only) 8. Are there any Companion Technologies associated with this product? 9. What are the Version Numbers and Major Release Dates for this product? 10. *VERY IMPORTANT*Does the technology store any data, and if so, how does it store data? Is data stored locally or in a database? What information/data is stored? Can you please explain the flow of data (i.e. how data is sent to storage and stored) and the database details (i.e. the type of database)? Does it support data encryption? What type of encryption? 11. Is this technology available for on-premise deployment? 12. Does this technology use a cloud? If yes, What Cloud Service Provider (CSP) agreements have been set for this product to be used securely through the cloud? 13. Is there a Voluntary Product Accessibility Template (VPAT) program in place to assess Section 508 compliance? Best regards, Caleb Laster AWS CCP, Security+, ITIL (Contractor) Security Analyst Solution Delivery (SD) IT Operations and Services (ITOPS), Office of Information and Technology (OIT) Office: 202-382-9309 Monday-Friday
