npm - ccs-digitalmarketplace-frameworks - Versions diffs - 4.11.3 → 4.11.5 - Mend

ccs-digitalmarketplace-frameworks 4.11.3 → 4.11.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/frameworks/g-cloud-15/manifests/edit_service.yml CHANGED Viewed

@@ -22,3 +22,8 @@
   editable: True
   questions:
     - multiqServiceFeaturesAndBenefitsHostingAndSoftware
+- name: Documents
+  editable: True
+  questions:
+    - serviceDefinitionDocumentURL

package/frameworks/g-cloud-15/manifests/edit_service_as_admin.yml CHANGED Viewed

@@ -60,3 +60,55 @@
   editable: True
   questions:
     - multiqUsageNotifications
+- name: Data-in-transit protection
+  editable: True
+  questions:
+    - multiqDataProtectionBetweenNetworks
+    - multiqDataProtectionWithinNetwork
+- name: Asset protection
+  editable: True
+  questions:
+    - multiqDataStorageAndProcessing
+    - multiqPenetrationTesting
+    - multiqProtectionOfDataAtRest
+    - multiqDataSanitisation
+- name: Availability and resilience
+  editable: True
+  questions:
+    - guaranteedAvailability
+    - approachToResilience
+    - outageReporting
+- name: Separation between users
+  editable: True
+  questions:
+    - multiqVirtualisation
+- name: Governance
+  editable: True
+  questions:
+    - boardLevelServiceSecurity
+- name: Standards and certifications
+  editable: True
+  questions:
+    - multiqStandardsCSASTAR
+    - multiqStandardsPCI
+    - multiqStandardsCyber
+    - multiqAccreditationsOther
+- name: Energy efficiency
+  editable: True
+  questions:
+    - multiqEnergyEfficiency
+- name: Documents
+  editable: True
+  questions:
+    - serviceDefinitionDocumentURL
+    - termsAndConditionsDocumentURL
+    - pricingDocumentURL
+    - sfiaRateDocumentURL

package/frameworks/g-cloud-15/manifests/edit_submission.yml CHANGED Viewed

@@ -75,3 +75,63 @@
   edit_questions: True
   questions:
     - multiqUsageNotifications
+- name: Data-in-transit protection
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqDataProtectionBetweenNetworks
+    - multiqDataProtectionWithinNetwork
+- name: Asset protection
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqDataStorageAndProcessing
+    - multiqPenetrationTesting
+    - multiqProtectionOfDataAtRest
+    - multiqDataSanitisation
+- name: Availability and resilience
+  editable: False
+  edit_questions: True
+  questions:
+    - guaranteedAvailability
+    - approachToResilience
+    - outageReporting
+- name: Separation between users
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqVirtualisation
+- name: Governance
+  editable: False
+  edit_questions: True
+  questions:
+    - boardLevelServiceSecurity
+- name: Standards and certifications
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqStandardsCSASTAR
+    - multiqStandardsPCI
+    - multiqStandardsCyber
+    - multiqAccreditationsOther
+- name: Energy efficiency
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqEnergyEfficiency
+- name: Documents
+  editable: False
+  edit_questions: True
+  questions:
+    - serviceDefinitionDocumentURL
+    - termsAndConditionsDocumentURL
+    - pricingDocumentURL
+    - sfiaRateDocumentURL

package/frameworks/g-cloud-15/metadata/copy_services.yml CHANGED Viewed

@@ -7,12 +7,10 @@ questions_to_exclude:
   - accessRestrictionTesting
   - accreditationsOther
   - accreditationsOtherList
-  - approachToResilience
   - auditBuyersActions
   - auditBuyersActionsStorage
   - auditSuppliersActions
   - auditSuppliersActionsStorage
-  - boardLevelServiceSecurity
   - browsersAccess
   - browsersSupported
   - cloudDeploymentModel
@@ -26,17 +24,6 @@ questions_to_exclude:
   - dataExportHow
   - dataImportFormats
   - dataImportFormatsOther
-  - dataProtectionBetweenNetworks
-  - dataProtectionBetweenNetworksOther
-  - dataProtectionWithinNetwork
-  - dataProtectionWithinNetworkOther
-  - dataSanitisation
-  - dataSanitisationType
-  - dataSanitisationTypeHosting
-  - dataSanitisationTypeSoftware
-  - dataStorageAndProcessing
-  - dataStorageAndProcessingLocations
-  - dataStorageAndProcessingUserControl
   - datacentreSecurityStandards
   - devicesUsersManageTheServiceThrough
   - educationPricing
@@ -54,7 +41,6 @@ questions_to_exclude:
   - freeVersionTrialOption
   - governmentSecurityClearances
   - governmentSecurityClearancesFilter
-  - guaranteedAvailability
   - howLongSystemLogsStored
   - incidentManagementApproach
   - incidentManagementType
@@ -78,9 +64,6 @@ questions_to_exclude:
   - ongoingSupportDescription
   - ongoingSupportServices
   - onsiteSupport
-  - outageReporting
-  - penetrationTesting
-  - penetrationTestingApproach
   - phoneSupport
   - phoneSupportAvailability
   - planningService
@@ -93,8 +76,6 @@ questions_to_exclude:
   - priceMin
   - priceUnit
   - pricingDocumentURL
-  - protectionOfDataAtRest
-  - protectionOfDataAtRestOther
   - protectiveMonitoringApproach
   - protectiveMonitoringType
   - publicSectorNetworks
@@ -172,12 +153,6 @@ questions_to_exclude:
   - userAuthenticationNeeded
   - userAuthenticationSoftware
   - userSupportAccessibility
-  - virtualisation
-  - virtualisationImplementedBy
-  - virtualisationSeparation
-  - virtualisationTechnologiesUsed
-  - virtualisationTechnologiesUsedOther
-  - virtualisationThirdPartyProvider
   - vulnerabilityManagementApproach
   - vulnerabilityManagementType
   - webChatSupport

package/frameworks/g-cloud-15/questions/services/accreditationsOther.yml ADDED Viewed

@@ -0,0 +1,17 @@
+name: Other security certifications
+question: Do you have any other security certifications that cover this service?
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  accreditationsOtherList:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if you have any other security certifications.

package/frameworks/g-cloud-15/questions/services/accreditationsOtherList.yml ADDED Viewed

@@ -0,0 +1,22 @@
+name: Any other security certifications
+question: What other security certifications do you have?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+list_item_name: security certification
+type: list
+validations:
+  - name: answer_required
+    message: Enter a security certification.
+  - name: under_10_words
+    message: Each security certification must be 10 words or fewer.
+  - name: max_items_limit
+    message: You must have 10 or fewer security certifications.
+  - name: under_character_limit
+    message: Each security certification must be 100 characters or fewer.

package/frameworks/g-cloud-15/questions/services/approachToResilience.yml ADDED Viewed

@@ -0,0 +1,27 @@
+name: Approach to resilience
+question: Describe how your service is designed to be resilient.
+question_advice: >
+  Include how your datacentre setup is resilient. If you don’t want to make this information public, you can say that
+  it’s available on request.
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#resilience"
+  target="_blank" rel="noopener noreferrer">2nd cloud security principle: ‘Asset protection and resilience’ (link opens
+  in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 200
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_200_words
+    message: Description must be 200 words or fewer.
+  - name: under_character_limit
+    message: Description must be 2000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/boardLevelServiceSecurity.yml ADDED Viewed

@@ -0,0 +1,19 @@
+name: Named board-level person responsible for service security
+question: Does your organisation have a named person with board-level (or equivalent) authorisation who’s responsible for the
+  security of all of your services?
+question_advice: >
+  Read about the government’s <a href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-4-governance-framework"
+  target="_blank" rel="noopener noreferrer">4th cloud security principle: ‘Governance framework’ (link opens in a new
+  tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if your organisation has a board-level person responsible for service security.

package/frameworks/g-cloud-15/questions/services/dataProtectionBetweenNetworks.yml ADDED Viewed

@@ -0,0 +1,40 @@
+name: Data protection between buyer and supplier networks
+question: How do you protect data between the buyer’s network and your network?
+question_advice: >
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-1-data-transit-protection" target="_blank"
+  rel="noopener noreferrer">1st cloud security principle: ’Data-in-transit protection’ (link opens in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataProtectionBetweenNetworksOther:
+    - other
+type: checkboxes
+options:
+  - label: Private network or public sector network
+    value: private_or_psn
+    filter_label: private network or public sector network
+  - label: TLS (Version 1.2 or above)
+    value: tls
+    filter_label: TLS (version 1.2 or above)
+  - label: IPsec or TLS VPN gateway
+    value: ipsec_or_vpn
+  - label: Bonded fibre optic connections
+    value: bonded_fibre
+    filter_label: bonded fibre optic connections
+  - label: Legacy SSL and TLS (under 1.2)
+    value: legacy_ssl
+    filter_ignore: true
+    filter_label: legacy SSL and TLS (under version 1.2)
+  - label: Other
+    value: other
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select a data protection method.

package/frameworks/g-cloud-15/questions/services/dataProtectionBetweenNetworksOther.yml ADDED Viewed

@@ -0,0 +1,20 @@
+name: Other protection between networks
+question: Describe how else you protect data between the buyer’s network and your network.
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/dataProtectionWithinNetwork.yml ADDED Viewed

@@ -0,0 +1,34 @@
+name: Data protection within supplier network
+question: How do you protect data within your network?
+question_advice: >
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-1-data-transit-protection" target="_blank"
+  rel="noopener noreferrer">1st cloud security principle: ’Data-in-transit protection’ (link opens in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataProtectionWithinNetworkOther:
+    - other
+type: checkboxes
+options:
+  - label: TLS (Version 1.2 or above)
+    value: tls
+    filter_label: TLS (version 1.2 or above)
+  - label: IPsec or TLS VPN gateway
+    value: ipsec_or_vpn
+  - label: Legacy SSL and TLS (under 1.2)
+    value: ssl
+    filter_ignore: true
+    filter_label: legacy SSL and TLS (under version 1.2)
+  - label: Other
+    value: other
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select a data protection method.

package/frameworks/g-cloud-15/questions/services/dataProtectionWithinNetworkOther.yml ADDED Viewed

@@ -0,0 +1,21 @@
+name: Other protection within supplier network
+question: Describe how else you protect data within your network.
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/dataSanitisation.yml ADDED Viewed

@@ -0,0 +1,22 @@
+name: Data sanitisation process
+question: Do you have a data sanitisation process?
+question_advice: >
+   Read about the government’s <a
+   href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#sanitisation"
+   target="_blank" rel="noopener noreferrer">2nd cloud security principle: ‘Asset protection and resilience’ (link opens
+   in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataSanitisationType:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if you have a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataSanitisationTypeHosting.yml ADDED Viewed

@@ -0,0 +1,23 @@
+id: dataSanitisationType
+name: Data sanitisation type
+question: What type of data sanitisation process do you have?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: Explicit overwriting of storage before reallocation
+    value: overwriting
+  - label: Deleted data can’t be directly accessed
+    value: no_access
+  - label: Hardware containing data is completely destroyed
+    value: hardware_destroyed
+validations:
+  - name: answer_required
+    message: Select a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataSanitisationTypeSoftware.yml ADDED Viewed

@@ -0,0 +1,21 @@
+id: dataSanitisationType
+name: Data sanitisation type
+question: What type of data sanitisation process do you have?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: Explicit overwriting of storage before reallocation
+    value: overwriting
+  - label: Deleted data can’t be directly accessed
+    value: no_access
+validations:
+  - name: answer_required
+    message: Select a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataStorageAndProcessing.yml ADDED Viewed

@@ -0,0 +1,24 @@
+name: Knowledge of data storage and processing locations
+question: Do you know where your data is stored and processed?
+question_advice: >
+  Read the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#physical"
+  target="_blank" rel="noopener noreferrer">cloud security guidance for data storage (link opens
+  in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataStorageAndProcessingLocations:
+    - true
+  dataStorageAndProcessingUserControl:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if you know where your data is stored and processed.

package/frameworks/g-cloud-15/questions/services/dataStorageAndProcessingLocations.yml ADDED Viewed

@@ -0,0 +1,28 @@
+name: Data storage and processing locations
+question: Where is data stored and processed?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: United Kingdom
+    value: uk
+  - label: European Economic Area (EEA)
+    value: eea
+    derived_from:
+      question: dataStorageAndProcessingLocations
+      any_of:
+        - uk
+  - label: Other locations
+    value: other
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select a location.

package/frameworks/g-cloud-15/questions/services/dataStorageAndProcessingUserControl.yml ADDED Viewed

@@ -0,0 +1,15 @@
+name: User control over data storage and processing locations
+question: Can users specify where data is stored and processed?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if users can specify where data is stored and processed.

package/frameworks/g-cloud-15/questions/services/energyEfficientDatacentres.yml ADDED Viewed

@@ -0,0 +1,19 @@
+name: Energy-efficient datacentres
+question: Do your datacentres adhere to the EU code of conduct for energy-efficient datacentres?
+question_advice: >
+  Read about the <a href="https://joint-research-centre.ec.europa.eu/energy-efficiency/energy-efficiency-products/code-conduct-ict/code-conduct-energy-efficiency-data-centres_en" target="_blank" rel="noopener noreferrer">EU code of conduct for energy-efficient datacentres (link opens in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  energyEfficientDatacentresDescription:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if your datacentres adhere to the EU code of conduct.

package/frameworks/g-cloud-15/questions/services/energyEfficientDatacentresDescription.yml ADDED Viewed

@@ -0,0 +1,20 @@
+name: Description of energy efficient datacentres
+question: Describe how your datacentres adhere to the EU Code of Conduct for Energy Efficient datacentres
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 200
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_200_words
+    message: Description must be 200 words or fewer.
+  - name: under_character_limit
+    message: Description must be 2000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/guaranteedAvailability.yml ADDED Viewed

@@ -0,0 +1,22 @@
+name: Guaranteed availability
+question: Describe the level of availability you guarantee.
+question_advice: >
+  Include any service level agreements (SLAs) you have for availability and how users are refunded if you don’t meet
+  guaranteed levels of availability.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 200
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_200_words
+    message: Your answer must be no longer than 200 words.
+  - name: under_character_limit
+    message: Your answer must be no longer than 2000 characters.

package/frameworks/g-cloud-15/questions/services/multiqAccreditationsOther.yml ADDED Viewed

@@ -0,0 +1,13 @@
+name: Other security certifications
+question: Other security certifications
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - accreditationsOther
+  - accreditationsOtherList

package/frameworks/g-cloud-15/questions/services/multiqDataProtectionBetweenNetworks.yml ADDED Viewed

@@ -0,0 +1,13 @@
+name: Protection between networks
+question: Protection between networks
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - dataProtectionBetweenNetworks
+  - dataProtectionBetweenNetworksOther

package/frameworks/g-cloud-15/questions/services/multiqDataProtectionWithinNetwork.yml ADDED Viewed

@@ -0,0 +1,13 @@
+name: Protection within your network
+question: Protection within your network
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - dataProtectionWithinNetwork
+  - dataProtectionWithinNetworkOther

package/frameworks/g-cloud-15/questions/services/multiqDataSanitisation.yml ADDED Viewed

@@ -0,0 +1,14 @@
+name: Data sanitisation process
+question: Data sanitisation process
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - dataSanitisation
+  - dataSanitisationTypeHosting
+  - dataSanitisationTypeSoftware