| Regulation, Specification, or Guidance | Requirement |
| --- | --- |
| 42 CFR Part 493.1231; 45 CFR Part 164.312; 45 CFR Part 170.315 (d-9); ASTM E1578-18 S-4-1; CJIS Security Policy 5.6.4; CJIS Security Policy 5.8.2.1; CJIS Security Policy 5.10.1.2; CJIS Security Policy Appendix G.6; NIST 800-53, Rev. 4, AC-17(2) | 35.1 The system should use secure communication protocols like SSL/TLS over Secure Hypertext Transfer Protocol with 256-bit encryption. |
| 42 CFR Part 493.1231; 45 CFR Part 164.312; 45 CFR Part 170.315 (d); ASTM E1578-18 S-4-2; CJIS Security Policy 5.5.2.4; CJIS Security Policy 5.10.1.2; CJIS Security Policy Appendix G.6; NIST 800-53, Rev. 4, SC-13 and SC-28(1) | 35.2 The system should support database encryption and be capable of recording the encryption status of the data contained within. |
| 42 CFR Part 493.1231; CJIS Security Policy 5.6.2.2.1; NIST 800-53, Rev. 4, AC-3; NIST 800-53, Rev. 4, IA-2, IA-2(1–4), and IA-8; NIST 800-53, Rev. 4, MA-4 | 35.3 The system should be able to support multifactor authentication. |
| 45 CFR Part 170.202; 45 CFR Part 170.315 (h) | 35.4 The system should support Office of the National Coordinator for Health Information Technology (ONC) transport standards and protocols for the reception and distribution of personal health information. |
| NIST 800-53, Rev. 4, IA-7 | 35.5 The system should provide a means for authenticating an individual seeking to access any embedded cryptographic module within the system, as well as the individual's role in performing services within the module. |