A computer program or set of programs that meets a defined set of business needs. A program or group of programs designed for end users. These programs are divided into two classes: system software and application software. While system software consists of low-level programs that interact with computers at a basic level, application software resides above system software and includes applications such as database programs, word processors and spreadsheets. Application software may be grouped along with system software or published alone. For the purposes of integration, applications consume an integration service such as a web service or API.
An interconnected set of IT resources under the same direct management control that meets a defined set of business needs.
All public-facing content, including websites, applications, documents and media, blog posts, and social media content. Certain non-public-facing content must also comply. Examples include all electronic content used for official business to communicate: emergency notifications, initial or final decisions adjudicating administrative claims or proceedings, internal or external program or policy announcements, notices of benefits, program eligibility, employment opportunities or personnel actions, formal acknowledgements or receipts, questionnaires or surveys, templates or forms, educational or training materials, and web-based intranets.
A known system defect or enhancement request that, if left unresolved, could significantly impact business operations, compliance with statute or policy, or the integrity of the system or data, or otherwise create a public health, safety or other significant risk.
Restarting technology operations after an outage using processes, policies and procedures prepared for recovery or continuation of mission-essential technology infrastructure after a disaster.
These processes are found in a DR Plan. DR is a subset of business continuity and COOP.
The three principal goals of DR are to:
The latest date a manufacturer will provide security patches. Some manufacturers have an end of mainstream support date and an extended end-of-support date. In these cases, after the end of mainstream support, no additional software feature/function enhancements or fixes are issued, but security patches are issued until the end of extended support. The recommended best practice is to migrate before end of mainstream support.
The processes, procedures, systems, IT infrastructure, data, and communication capabilities that allow each agency to manage, store, and share information in pursuit of its business mission, including but not limited to:
IT System Development / Integration Support includes the software services enabling elements of distributed business applications to interoperate and the software development necessary to facilitate such integration. These elements can share function, content, and communications across heterogeneous computing environments.
A lightweight data-interchange format. It is a language-independent text format that is easy for humans to read and write. It is easy for machines to parse and generate.
Provide for the representation of mapping and geospatial information through the use of attributes such as zip code, country code, elevation, natural features and other spatial measures.
Any hand-portable device capable of text, voice, email, instant messaging (“IM”), photo messaging or other types of data communication. This policy is not meant to apply to: cars, boats, airplanes, laptop computers, desktop computers, unpiloted aerial vehicles (drones), GPS receivers, radios.
Modularity refers to the extent to which a software/Web application may be divided into smaller modules. Software modularity indicates that the number of application modules are capable of serving a specified business domain. Modularity allows typical applications to be divided into modules, as well as integration with similar modules, which helps developers use prewritten code. Modules are divided based on functionality, and programmers are not involved with the functionalities of other modules. Thus, new functionalities may be easily programmed in separate modules. It is a practical application of the principle of "Separation of Concerns" by dividing a complex system into simpler and more manageable modules that will work together. Modularization can take place in two ways. The composition or bottom-up approach takes modules and puts them together to form a larger system. The alternative approach is to take a complete system and decompose it into its modules. This approach is known as the decomposition or top-down approach. Modules are technically connected to one another. The measure of inter-module relation is known as coupling. Design goals require modules to have low coupling and high cohesion. Cohesion is a measure of the inter-relatedness of elements (statements, procedures, declarations) within a module. A module is said to have high cohesion if all the elements in the module are strongly connected with one another. Tight coupling of modules makes analysis, understanding, modification and testing of modules difficult. Reuse of modules is also hindered. Modularity enhances the understandability of software systems and the change process. Developers need not understand the entire system for changes to be made, as details are localized into components; modularity separates concerns down to the modules and is thus a direct realization of the principle of "Separation of Concerns".
An open source specification to define a standard, language-agnostic interface to REST APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic.
A distributed system framework that uses Web protocols and technology. The REST architecture involves client and server interactions built around the transfer of resources. Systems that conform to REST principles are referred to as RESTful.
The capability of remaining or returning to a normal situation after an event by having multiple ways of performing a function. This may include people, processes or technology. Generally speaking, this means there would be no single point of failure that could stop a process.
A secure version of File Transfer Protocol (FTP), which facilitates data access and data transfer over a Secure Shell (SSH) data stream. It is part of the SSH Protocol. This term is also known as SSH File Transfer Protocol.
A requestor that consumes or uses an automated IT Service provided by a Service Provider. Entities (systems, people, and organizations) that need to make use of services offered by providers.
Computer application readable description of capabilities, requirements, general characteristics, abstract message operations, concrete network protocols, endpoint addresses, and structure and content of messages received by and sent by the service.
The coordination and arrangement of multiple services exposed as a single aggregate service. Developers utilize service orchestration to support the automation of business processes by loosely coupling services across different applications and enterprises and creating "second-generation," composite applications. In other words, service orchestration is the combination of service interactions to create higher-level business services.
Style of software design where services are provided to the other components by application components, through a communication protocol over a network. The basic principles of service-oriented architecture are independent of vendors, products and technologies. A service is a discrete unit of functionality that can be accessed remotely and acted upon and updated independently, such as retrieving a credit card statement online. According to TOGAF, under the terms of an SOA, a service has four properties: It logically represents a business activity with a specified outcome. It is self-contained. It is a black box for its consumers. It may consist of other underlying services.
Entities (systems, people, and organizations) that offer capabilities and act as service providers. An authoritative/trusted organization that offers an automated IT Service to a Service Consumer by means of one of its Provided Service Interfaces.
A service-oriented architecture design principle for creating services that can be used for business purposes beyond those initially specified in requirements. Reusable services are designed so their solution logic is independent of any particular business process or technology.
A protocol for implementing Web Services. SOAP features guidelines that allow communication via the Internet between two programs, even if they run on different platforms, use different technologies and are written in different programming languages.
Shared, common infrastructure for lifecycle management such as a services registry, policies, business analytics; routing/addressing, quality of service, communication; Development Tools for security, management, and adapters.
Modular, swappable functions, separate from, yet connected to, an application via well-defined interfaces to provide agility. Often referred to as "services," they: Perform granular business functions such as "get customer address" or larger ones such as "process payment." Are loosely coupled to a new or existing application. Have the capability to perform the steps, tasks and activities of one or more business processes. Can be combined to perform a set of functions, referred to as "orchestration."
Support the balance and allocation of memory, usage, disk space and performance on computers and their applications.
Undue burden means significant and unreasonable difficulty or expense. In determining whether an action would result in an undue burden, an agency shall consider all agency resources available to the program or component for which the covered technology is being developed, procured, maintained, or used.
A software service used to communicate between two devices on a network. More specifically, a Web service is a software application with a standardized way of providing interoperability between disparate applications. It does so over HTTP using technologies such as XML, SOAP, WSDL, and UDDI.
An XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint.
An OASIS specification that defines mechanisms to allow different security realms to federate, such that authorized access to resources managed in one realm can be provided to security principals whose identities and attributes are managed in other realms. This includes mechanisms for brokering of identity, attribute, authentication and authorization assertions between realms, and privacy of federated claims.
An OASIS specification that proposes a standard set of SOAP extensions that can be used when building secure Web services to implement message content integrity and confidentiality.