Stage 2. Security Checklist and Deployment
• Once development and testing has concluded, the JS owner submits the JavaScript Program Security
Checklist and Deployment Request Form to WebCMS Support (web_cms_support@epa.gov). No work can
take place until you have a registration id/charge code set up for vetting submitted code.
• Submitted JavaScript files will be vetted by our contractors--they will scan your code and page. The code
owner (you) will pay for this vetting, which should not take more than 10 hours of work per code submission.
(Note that this means you pay for every submission, so it's to your benefit to ensure that the submitted code
works.) This review process can take up to five days (there's a queue).
• If the code passes review:
The JS files and libraries will be placed into the production repository (our revision control system). You will
no longer have write access to the code. All changes to code will be recorded. Rollbacks to previous
versions will be possible. You can request a rollback by emailing
WebCMS Support
(web_cms_support@epa.gov).
• If the code fails review:
You will be notified with a copy of the review along with recommendations. The JavaScript then can be
further developed until the security requirements are met. JavaScript that does not meet security and coding
standards will not approved.
• If a JavaScript fails on the production server:
If a JavaScript file or library fails in the production environment, OMS can provide only limited support (e.g.,
assist in the identification of failure points in the code). If problems cannot be fixed quickly, you must retest
the code on EPA's Drupal WebCMS Sandbox server.
Stage 3. Updating a JavaScript File or Library
• As OMS will manage the revision control system, you will no longer have write access to your production JS
file or library. You will modify your JS on the Sandbox server and, when testing is complete, make a JS
Update Request by contacting us.
• After the request has been received and confirmed with you, OMS will run a diff on the two scripts. New
code will be reviewed and tested. If the JavaScript passes review, it will be certified and updated as noted
above. If it does not pass review, you will be notified as above.
• If necessary, you can request that current code be rolled back to a previous version. To rollback, make a JS
Update Request. One caveat: if the code is out of date, it will be subject to a new review before it is restored.
Stage 4. Retiring/Reactivating a JS File or Library
• If a JavaScript is no longer required, you can retire it by submitting a JS Update Request.
• The script will be retired from active use, archived, and available for reactivation. To reactivate it, submit a
JS Update Request. One caveat: if the code is out of date, it will be subject to a new review before it is
restored.
Please note that OMS will review JS usage periodically. If the code has not been used or accessed in
the last 60 days, you will be notified. You can then determine if the JS should remain operational or be
retired.