npm - ccs-digitalmarketplace-frameworks - Versions diffs - 4.11.2 → 4.11.4 - Mend

ccs-digitalmarketplace-frameworks 4.11.2 → 4.11.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/frameworks/g-cloud-15/manifests/edit_service_as_admin.yml CHANGED Viewed

@@ -36,4 +36,58 @@
   questions:
     - multiqWebInterface
     - multiqAPIHosting
-    - multiqCommandLineInterface
+    - multiqCommandLineInterface
+- name: Onboarding and offboarding
+  editable: True
+  questions:
+    - gettingStarted
+    - multiqDocumentation
+    - endOfContractDataExtraction
+    - endOfContractProcess
+- name: Backups and recovery
+  editable: True
+  questions:
+    - multiqServiceBacksUp
+- name: Analytics
+  editable: True
+  questions:
+    - multiqMetricsHosting
+- name: Scaling
+  editable: True
+  questions:
+    - multiqUsageNotifications
+- name: Data-in-transit protection
+  editable: True
+  questions:
+    - multiqDataProtectionBetweenNetworks
+    - multiqDataProtectionWithinNetwork
+- name: Asset protection
+  editable: True
+  questions:
+    - multiqDataStorageAndProcessing
+    - multiqPenetrationTesting
+    - multiqProtectionOfDataAtRest
+    - multiqDataSanitisation
+- name: Availability and resilience
+  editable: True
+  questions:
+    - guaranteedAvailability
+    - approachToResilience
+    - outageReporting
+- name: Separation between users
+  editable: True
+  questions:
+    - multiqVirtualisation
+- name: Governance
+  editable: True
+  questions:
+    - boardLevelServiceSecurity

package/frameworks/g-cloud-15/manifests/edit_submission.yml CHANGED Viewed

@@ -47,4 +47,67 @@
   questions:
     - multiqWebInterface
     - multiqAPIHosting
-    - multiqCommandLineInterface
+    - multiqCommandLineInterface
+- name: Onboarding and offboarding
+  editable: False
+  edit_questions: True
+  questions:
+    - gettingStarted
+    - multiqDocumentation
+    - endOfContractDataExtraction
+    - endOfContractProcess
+- name: Backups and recovery
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqServiceBacksUp
+- name: Analytics
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqMetricsHosting
+- name: Scaling
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqUsageNotifications
+- name: Data-in-transit protection
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqDataProtectionBetweenNetworks
+    - multiqDataProtectionWithinNetwork
+- name: Asset protection
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqDataStorageAndProcessing
+    - multiqPenetrationTesting
+    - multiqProtectionOfDataAtRest
+    - multiqDataSanitisation
+- name: Availability and resilience
+  editable: False
+  edit_questions: True
+  questions:
+    - guaranteedAvailability
+    - approachToResilience
+    - outageReporting
+- name: Separation between users
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqVirtualisation
+- name: Governance
+  editable: False
+  edit_questions: True
+  questions:
+    - boardLevelServiceSecurity

package/frameworks/g-cloud-15/metadata/copy_services.yml CHANGED Viewed

@@ -7,18 +7,10 @@ questions_to_exclude:
   - accessRestrictionTesting
   - accreditationsOther
   - accreditationsOtherList
-  - approachToResilience
   - auditBuyersActions
   - auditBuyersActionsStorage
   - auditSuppliersActions
   - auditSuppliersActionsStorage
-  - backup
-  - backupControls
-  - backupDatacentre
-  - backupRecovery
-  - backupScheduling
-  - backupWhatData
-  - boardLevelServiceSecurity
   - browsersAccess
   - browsersSupported
   - cloudDeploymentModel
@@ -32,31 +24,13 @@ questions_to_exclude:
   - dataExportHow
   - dataImportFormats
   - dataImportFormatsOther
-  - dataProtectionBetweenNetworks
-  - dataProtectionBetweenNetworksOther
-  - dataProtectionWithinNetwork
-  - dataProtectionWithinNetworkOther
-  - dataSanitisation
-  - dataSanitisationType
-  - dataSanitisationTypeHosting
-  - dataSanitisationTypeSoftware
-  - dataStorageAndProcessing
-  - dataStorageAndProcessingLocations
-  - dataStorageAndProcessingUserControl
   - datacentreSecurityStandards
   - devicesUsersManageTheServiceThrough
-  - documentation
-  - documentationAccessibility
-  - documentationAccessibilityDescription
-  - documentationFormats
-  - documentationFormatsOther
   - educationPricing
   - emailOrTicketingSupport
   - emailOrTicketingSupportAccessibility
   - emailOrTicketingSupportPriority
   - emailOrTicketingSupportResponseTimes
-  - endOfContractDataExtraction
-  - endOfContractProcess
   - energyEfficientDatacentres
   - energyEfficientDatacentresDescription
   - equalOpportunity
@@ -65,10 +39,8 @@ questions_to_exclude:
   - freeVersionDescription
   - freeVersionLink
   - freeVersionTrialOption
-  - gettingStarted
   - governmentSecurityClearances
   - governmentSecurityClearancesFilter
-  - guaranteedAvailability
   - howLongSystemLogsStored
   - incidentManagementApproach
   - incidentManagementType
@@ -80,10 +52,6 @@ questions_to_exclude:
   - managementAccessAuthenticationDescription
   - metrics
   - metricsDescription
-  - metricsHosting
-  - metricsHostingHow
-  - metricsHostingWhat
-  - metricsHostingWhatOther
   - metricsHow
   - metricsSoftware
   - metricsSoftwareDescription
@@ -96,9 +64,6 @@ questions_to_exclude:
   - ongoingSupportDescription
   - ongoingSupportServices
   - onsiteSupport
-  - outageReporting
-  - penetrationTesting
-  - penetrationTestingApproach
   - phoneSupport
   - phoneSupportAvailability
   - planningService
@@ -111,8 +76,6 @@ questions_to_exclude:
   - priceMin
   - priceUnit
   - pricingDocumentURL
-  - protectionOfDataAtRest
-  - protectionOfDataAtRestOther
   - protectiveMonitoringApproach
   - protectiveMonitoringType
   - publicSectorNetworks
@@ -184,21 +147,12 @@ questions_to_exclude:
   - trainingDescription
   - trainingServiceSpecific
   - trainingServiceSpecificList
-  - usageNotifications
-  - usageNotificationsHow
-  - usageNotificationsHowOther
   - userAuthentication
   - userAuthenticationDescription
   - userAuthenticationHosting
   - userAuthenticationNeeded
   - userAuthenticationSoftware
   - userSupportAccessibility
-  - virtualisation
-  - virtualisationImplementedBy
-  - virtualisationSeparation
-  - virtualisationTechnologiesUsed
-  - virtualisationTechnologiesUsedOther
-  - virtualisationThirdPartyProvider
   - vulnerabilityManagementApproach
   - vulnerabilityManagementType
   - webChatSupport

package/frameworks/g-cloud-15/questions/services/approachToResilience.yml ADDED Viewed

@@ -0,0 +1,27 @@
+name: Approach to resilience
+question: Describe how your service is designed to be resilient.
+question_advice: >
+  Include how your datacentre setup is resilient. If you don’t want to make this information public, you can say that
+  it’s available on request.
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#resilience"
+  target="_blank" rel="noopener noreferrer">2nd cloud security principle: ‘Asset protection and resilience’ (link opens
+  in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 200
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_200_words
+    message: Description must be 200 words or fewer.
+  - name: under_character_limit
+    message: Description must be 2000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/backup.yml ADDED Viewed

@@ -0,0 +1,29 @@
+name: Backup and recovery
+question: Does your service provide backup and recovery?
+filter_label: backup and recovery is available
+depends:
+  - 'on': lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  backupWhatData:
+    - true
+  backupControls:
+    - true
+  backupDatacentre:
+    - true
+  backupScheduling:
+    - true
+  backupRecovery:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if your service provides backup and recovery.

package/frameworks/g-cloud-15/questions/services/backupControls.yml ADDED Viewed

@@ -0,0 +1,25 @@
+name: Backup controls
+question: How do users control what backups are performed?
+question_advice: Include, for example, whether users can back up different things on a different schedule.
+hidden: true
+depends:
+  - 'on': lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter details of how users can control what backups are performed.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/backupDatacentre.yml ADDED Viewed

@@ -0,0 +1,31 @@
+name: Datacentre setup
+question: "What’s your datacentre setup?"
+hidden: true
+depends:
+  - 'on': lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: Multiple datacentres with disaster recovery
+    value: multiple_with_dr
+    filter_label: multiple datacentres with disaster recovery
+  - label: Multiple datacentres
+    value: multiple
+    filter_label: multiple datacentres
+  - label: Single datacentre with multiple copies
+    value: single_with_copies
+    filter_label: single datacentre with multiple copies
+  - label: Single datacentre
+    value: single
+    filter_label: single datacentre
+validations:
+  - name: answer_required
+    message: Select a datacentre setup.

package/frameworks/g-cloud-15/questions/services/backupRecovery.yml ADDED Viewed

@@ -0,0 +1,23 @@
+name: Backup recovery
+question: How do users recover backups?
+hidden: true
+depends:
+  - 'on': lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: Users can recover backups themselves, for example through a web interface
+    value: user_recovery
+  - label: Users contact the support team
+    value: support_request
+validations:
+  - name: answer_required
+    message: Select a recovery method.

package/frameworks/g-cloud-15/questions/services/backupScheduling.yml ADDED Viewed

@@ -0,0 +1,25 @@
+name: Scheduling backups
+question: How do users schedule backups?
+hidden: true
+depends:
+  - 'on': lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: radios
+options:
+  - label: Users schedule backups through a web interface
+    value: user_defined
+  - label: Users contact the support team to schedule backups
+    value: support_request
+  - label: Supplier controls the whole backup schedule
+    value: supplier_defined
+validations:
+  - name: answer_required
+    message: Select how users schedule backups.

package/frameworks/g-cloud-15/questions/services/backupWhatData.yml ADDED Viewed

@@ -0,0 +1,31 @@
+name: "What’s backed up"
+question: What can the service back up?
+question_advice: Examples include files, virtual machines, or databases.
+hint: 10 words for each backup item, 10 backup items maximum.
+optional: true
+hidden: true
+depends:
+  - 'on': lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+list_item_name: backup item
+type: list
+validations:
+  - name: answer_required
+    message: Enter a backup item.
+  - name: max_items_limit
+    message: You must have 10 or fewer backup items.
+  - name: under_10_words
+    message: Each backup item must be 10 words or fewer.
+  - name: under_character_limit
+    message: Each backup item must be 100 characters or fewer.

package/frameworks/g-cloud-15/questions/services/boardLevelServiceSecurity.yml ADDED Viewed

@@ -0,0 +1,19 @@
+name: Named board-level person responsible for service security
+question: Does your organisation have a named person with board-level (or equivalent) authorisation who’s responsible for the
+  security of all of your services?
+question_advice: >
+  Read about the government’s <a href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-4-governance-framework"
+  target="_blank" rel="noopener noreferrer">4th cloud security principle: ‘Governance framework’ (link opens in a new
+  tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if your organisation has a board-level person responsible for service security.

package/frameworks/g-cloud-15/questions/services/dataProtectionBetweenNetworks.yml ADDED Viewed

@@ -0,0 +1,40 @@
+name: Data protection between buyer and supplier networks
+question: How do you protect data between the buyer’s network and your network?
+question_advice: >
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-1-data-transit-protection" target="_blank"
+  rel="noopener noreferrer">1st cloud security principle: ’Data-in-transit protection’ (link opens in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataProtectionBetweenNetworksOther:
+    - other
+type: checkboxes
+options:
+  - label: Private network or public sector network
+    value: private_or_psn
+    filter_label: private network or public sector network
+  - label: TLS (Version 1.2 or above)
+    value: tls
+    filter_label: TLS (version 1.2 or above)
+  - label: IPsec or TLS VPN gateway
+    value: ipsec_or_vpn
+  - label: Bonded fibre optic connections
+    value: bonded_fibre
+    filter_label: bonded fibre optic connections
+  - label: Legacy SSL and TLS (under 1.2)
+    value: legacy_ssl
+    filter_ignore: true
+    filter_label: legacy SSL and TLS (under version 1.2)
+  - label: Other
+    value: other
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select a data protection method.

package/frameworks/g-cloud-15/questions/services/dataProtectionBetweenNetworksOther.yml ADDED Viewed

@@ -0,0 +1,20 @@
+name: Other protection between networks
+question: Describe how else you protect data between the buyer’s network and your network.
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/dataProtectionWithinNetwork.yml ADDED Viewed

@@ -0,0 +1,34 @@
+name: Data protection within supplier network
+question: How do you protect data within your network?
+question_advice: >
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-1-data-transit-protection" target="_blank"
+  rel="noopener noreferrer">1st cloud security principle: ’Data-in-transit protection’ (link opens in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataProtectionWithinNetworkOther:
+    - other
+type: checkboxes
+options:
+  - label: TLS (Version 1.2 or above)
+    value: tls
+    filter_label: TLS (version 1.2 or above)
+  - label: IPsec or TLS VPN gateway
+    value: ipsec_or_vpn
+  - label: Legacy SSL and TLS (under 1.2)
+    value: ssl
+    filter_ignore: true
+    filter_label: legacy SSL and TLS (under version 1.2)
+  - label: Other
+    value: other
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select a data protection method.

package/frameworks/g-cloud-15/questions/services/dataProtectionWithinNetworkOther.yml ADDED Viewed

@@ -0,0 +1,21 @@
+name: Other protection within supplier network
+question: Describe how else you protect data within your network.
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/dataSanitisation.yml ADDED Viewed

@@ -0,0 +1,22 @@
+name: Data sanitisation process
+question: Do you have a data sanitisation process?
+question_advice: >
+   Read about the government’s <a
+   href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#sanitisation"
+   target="_blank" rel="noopener noreferrer">2nd cloud security principle: ‘Asset protection and resilience’ (link opens
+   in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataSanitisationType:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if you have a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataSanitisationTypeHosting.yml ADDED Viewed

@@ -0,0 +1,23 @@
+id: dataSanitisationType
+name: Data sanitisation type
+question: What type of data sanitisation process do you have?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: Explicit overwriting of storage before reallocation
+    value: overwriting
+  - label: Deleted data can’t be directly accessed
+    value: no_access
+  - label: Hardware containing data is completely destroyed
+    value: hardware_destroyed
+validations:
+  - name: answer_required
+    message: Select a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataSanitisationTypeSoftware.yml ADDED Viewed

@@ -0,0 +1,21 @@
+id: dataSanitisationType
+name: Data sanitisation type
+question: What type of data sanitisation process do you have?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: Explicit overwriting of storage before reallocation
+    value: overwriting
+  - label: Deleted data can’t be directly accessed
+    value: no_access
+validations:
+  - name: answer_required
+    message: Select a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataStorageAndProcessing.yml ADDED Viewed

@@ -0,0 +1,24 @@
+name: Knowledge of data storage and processing locations
+question: Do you know where your data is stored and processed?
+question_advice: >
+  Read the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#physical"
+  target="_blank" rel="noopener noreferrer">cloud security guidance for data storage (link opens
+  in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataStorageAndProcessingLocations:
+    - true
+  dataStorageAndProcessingUserControl:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if you know where your data is stored and processed.