The agency said this in a statement issued
on Saturday in response to media reports on its role in the assessment of UTAS.
In the statement, NITDA affirmed its
mandate, which involves creating a framework for evaluation and regulation of
information technology practices in Nigeria.
The statement read in part, “In line with
its mandate, the agency has been registering indigenous software solutions.
Part of the registration process requires that solutions are subjected to tests
in line with the requirements of the Software Testing and Quality Assurance
Framework and Guideline and the Guidelines for Nigerian Content Development in
ICT.”
ASUU has been engaging the Federal
Government on some issues, such as payment of promotion arrears, earned
academic allowance, funding for revitalisation of public Universities, and
adoption of UTAS as a payment platform for universities.
NITDA was invited on October 14, 2020, to
participate in an interactive session between ASUU, Federal Government and the
Legislature.
For the UTAS to be accepted as a payment
platform, NITDA was directed to carry out an integrity test on the software.
“As part of the conditions for acceptance
of UTAS as a payment platform for public universities by Federal Government,
NITDA was directed to subject the platform to integrity test and advise
government appropriately. In doing so, the agency decided to carry out three
out of the eight tests specified in the Software Testing and Quality Assurance
Framework and Guideline. These tests are User Acceptance Test, Stress Test, and
Vulnerability Assessment and Penetration Test,” the statement read.
NITDA added that some challenges occurred
that could hamper the result of the assessment.
The statement read, “Although the UAT was
carried out as planned, challenges were encountered that negatively impacted on
the outcome of the assessment. For instance, although the invitation emphasised
the need for prospective participants to come with ICT tools for the exercise,
very few of the participants had these tools.
“This resulted in grouping the participants
and very limited hands-on interaction with the Solution was possible.
Furthermore, there was limited connectivity thereby making it difficult for the
participants with the relevant tools to follow the demonstration by ASUU. These
issues were adequately reported to key stakeholders.”
NITDA also said that certain risks were
revealed based on the assessments executed.
It said, “The agency’s team also carried
out series of Vulnerability Assessment and Penetration Tests on the UTAS
platform. One of these assessments revealed five High-Risk vulnerabilities that
are likely to negatively impact the platform if exploited.
“Furthermore, two Low-Risk vulnerabilities
were identified. These were discussed with the ASUU team and a further
assessment carried out on the updated version of the Solution revealed that the
High-Risk Vulnerabilities have been addressed. However, one Medium Risk, three
Low Risks and forty-four Informational Risks were identified. These also were
adequately communicated to the relevant stakeholders, including ASUU.”
It added, “A detailed Functionality/User
Acceptance Test on the platform was carried out by our team. A total of 687
test cases were generated in which 529 passed, 156 failed and 2 cautionary
warnings. As some of the failed cases are critical to the overall functionality
of the solution, the agency could not recommend for the solution to be deployed
in a production environment.”
NITDA further said that ASUU was asked to
work on the solution and submit it for further assessment.
0 comments:
Post a Comment