============================================================================= Run Date: OCT 22, 2020 Designation: PREM*3*2 Package : PREM - MEDICATION ORDER CHECK (MOCH Priority: Mandatory Version : 3 SEQ #2 Status: Released Compliance Date: NOV 22, 2020 ============================================================================= Subject: MOCHA - Fortify and Technical Reference Model (TRM) Compliance Category: - Informational - Other Description: ============ The MOCHA application server is a service of the Medication Order Check Healthcare application program that provides the capability services that receive and validate the format of the request. Provided the format is correct, the MOCHA services will triage the request by interacting with FDB's Med Knowledge Framework to perform the requested check and return the results. The purpose of this patch is to comply with the VA Security and Code Quality Standards and the Technical Reference Model (TRM). Rational Task Id ----------------- Number: 1147760 Problem: -------- MOCHA application contains Java Enterprise components which are subject to compliance with VA security and code quality standards and Technical Reference Model (TRM) to maintain authority to operate (ATO). Routine Fortify scanning and remediation is performed to maintain compliance. Resolution: ----------- MOCHA patch PREM*3*2 was initiated to remediate code quality and security vulnerabilities issues also helps to bring the MOCHA application into compliance with VA Security Standards in the current Java code. MOCHA application code has been scanned with the Fortify software to identify security vulnerabilities and code quality issues. Code fixes have been applied to mitigate these findings and the application has been validated by the VA Software Assurance Team to ensure compliance with the standards. No application functionality has changed. Application frameworks have been upgraded to be compliant with Technical Reference Model (TRM). Test Sites: ----------- VA West Palm Beach VAMC (West Palm Beach, FL) VA Louisville VAMC (Louisville, KY) Software and Documentation Retrieval Instructions: ------------------------------------------------- The patch will be released in Forum via Packman mailman message. For the Java, installation, this patch is being released by AITC. Documentation describing the new functionality is included in this release. Documentation can be found on the VA Software Documentation Library at: https://www.domain.ext/vdl/. Documentation can also be obtained at https://download.vista.domain.ext/index.html/SOFTWARE. File Title File Name ----------------------------------------------------------------- Deployment, Installation, prem_3_p2_dibr.docx Back-Out, and Rollback Guide Installation Guide prem_3_p2_mocha_server_v3_1_ig.docx Installation Instructions: -------------------------- Patch will be installed by AITC. For further information on the installation of the patch, refer to the section 3 (Installation) in the prem_3_2_dibr.docx document. Back-Out/Roll Back Plan: ------------------------ Patch will be installed by AITC. For further information on the Roll back plan of the patch, refer to the section 4 (Back-Out Procedure) in the prem_3_2_dibr.docx document. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : OCT 22, 2019 Completed By: Date Completed: OCT 22, 2020 Released By : Date Released : OCT 22, 2020 ============================================================================= Packman Mail Message: ===================== No routines included