DMA is working to ensure compliance with all cyber security requirements, including DoDD 8140.01, Cyberspace Workforce Management. DMA has identified custom JavaScript as software code that does not undergo the scanning and sanitizing that DoD requirements call for as files are uploaded. This is critical:
· To ensure there is no improper encoding or unwanted sensitive data exposure
· To conduct regular scans
· To use and manage updated libraries and frameworks
JavaScript is fourth on the list of the most vulnerable languages, and DMA must remain proactive in securing all applications hosted in WEB.mil environments.
Therefore, DMA will no longer allow AFPIMS users to upload JavaScript files into AFPIMS starting in July 2022. Previously uploaded JavaScript (.js) files will remain in the system after developers scan them with a code scanning tool. Customers with any vulnerabilities in their code will receive a notice.
For customers with a mission-critical reason requiring support for custom JavaScript file uploads, the DMA development team can assist. These customers will provide the JavaScript file to the DMA development team to scan and upload. This will include a fee for service.
Per DoDD 8140.01, anyone writing code for official DoD websites must be a certified IT professional.
Any questions should be directed to the DMA WEB.mil team and/or the DMA service desk.