Please ensure Javascript is enabled for purposes of website accessibility DMA will no longer allow JavaScript file uploads into AFPIMS > WEB.mil > WEB.mil - News

Announcements regarding changes to the public facing official DOD websites hosted by the Defense Media Activity including Cyber-Security Awareness. This is owned and operated by the Web Enterprise Business (WEB.mil) line of business in DMA.

News
Announcement | April 7, 2022

DMA will no longer allow JavaScript file uploads into AFPIMS

Web Enterprise Business

DMA is working to ensure compliance for all cyber security requirements including DoDD 8140.01 Cyberspace Workforce Management.  DMA has identified custom JavaScript as a software code which does not undergo a scan and sanitize as the files get uploaded as per DoD requirements. This is critical: 

  

·         To ensure no improper encoding and unwanted sensitive data exposure 

·         To conduct regular scans 

·         To use and manage updated libraries and framework 

  

JavaScript is the fourth on the list among the most vulnerable languages, and DMA must remain proactive in securing all the application hosted on WEB.mil environments.   

  

Therefore, DMA will no longer allow AFPIMS users to upload JavaScript files into AFPIMS starting in July 2022.   Previously uploaded JavaScript (.js) files will remain in the system after developers scan them with a code scanning tool. Customers with any vulnerabilities in their code will receive a notice.  

  

For customers with a mission critical reason requiring support of custom JavaScript files upload, DMA development team can assist.  These customers will provide the JavaScript file to the DMA development team to scan and upload.  This will include a fee for service.  

 

Per DoDD 8140.01, anyone writing code for official DoD websites must be a certified IT professional.  

Any questions should be directed to the DMA WEB.mil team and/or the DMA service desk.