Difference between revisions of "Template:LIMSpec/Cybersecurity"

Latest revision as of 22:07, 14 March 2023


Regulation, Specification, or Guidance	Requirement
42 CFR Part 493.1231 45 CFR Part 164.312 45 CFR Part 170.315 (d-9) ASTM E1578-18 S-4-1 CJIS Security Policy 5.6.4 CJIS Security Policy 5.8.2.1 CJIS Security Policy 5.10.1.2 CJIS Security Policy Appendix G.6 CLSI QMS22 2.2.3.2 EMA Guidance on Good Manufacturing Practice and Good Distribution Practice NIST 800-53, Rev. 5, AC-17(2) NIST 800-53, Rev. 5, MA-4(6) NIST 800-53, Rev. 5, SC-8 and SC-8(1)	35.1 The system should use secure communication protocols like SSL/TLS over Secure Hypertext Transfer Protocol with 256 bit encryption.
42 CFR Part 493.1231 45 CFR Part 164.312 45 CFR Part 170.315 (d) ACMG Technical Standards for Clinical Genetics Laboratories C1.6 ASTM E1578-18 S-4-2 CJIS Security Policy 5.5.2.4 CJIS Security Policy 5.10.1.2 CJIS Security Policy Appendix G.6 NIST 800-53, Rev. 5, CP-9(8) NIST 800-53, Rev. 5, SC-13 and SC-28(1)	35.2 The system should support database encryption and be capable of recording the encryption status of the data contained within.
42 CFR Part 493.1231 CJIS Security Policy 5.6.2.2.1 CLSI QMS22 2.4.2.2 NIST 800-53, Rev. 5, AC-3 NIST 800-53, Rev. 5, IA-2, IA-2(1–4), and IA-8 NIST 800-53, Rev. 5, MA-4	35.3 The system should be able to support multifactor authentication.
45 CFR Part 170.202 45 CFR Part 170.315 (h)	35.4 The system should support Office of the National Coordinator for Health Information Technology (ONC) transport standards and protocols for the reception and distribution of personal health information.
NIST 800-53, Rev. 5, IA-7	35.5 The system should provide a means for authenticating an individual seeking to access any embedded cryptographic module within the system, as well as the individual's role in performing services within the module.
NIST 800-53, Rev. 5, SC-15	35.6 The system should prevent connected collaborative computing devices (e.g., cameras, microphones, interactive whiteboards) from being activated without explicit permission from the end user, and it should provide a clear indication of any activation to the end user.

@@ Line 12: / Line 12: @@
 [https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br />
 [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d-9)]<br />
-[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-4-1]<br />
+[https://www.astm.org/e1578-18.html ASTM E1578-18 S-4-1]<br />
 [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.4]<br />
 [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.8.2.1]<br />
 [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br />
 [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br />
-[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-17(2)]
+[https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.2.3.2]<br />
+[https://www.ema.europa.eu/en/human-regulatory/research-development/compliance/good-manufacturing-practice/guidance-good-manufacturing-practice-good-distribution-practice-questions-answers EMA Guidance on Good Manufacturing Practice and Good Distribution Practice]<br />
+[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-17(2)]<br />
+[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, MA-4(6)]<br />
+[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SC-8 and SC-8(1)]
    | style="background-color:white;" |'''35.1''' The system should use secure communication protocols like SSL/TLS over Secure Hypertext Transfer Protocol with 256 bit encryption.
   |-
@@ Line 24: / Line 28: @@
 [https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br />
 [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br />
-[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-4-2]<br />
+[https://www.acmg.net/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards.aspx ACMG Technical Standards for Clinical Genetics Laboratories C1.6]<br />
+[https://www.astm.org/e1578-18.html ASTM E1578-18 S-4-2]<br />
 [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.4]<br />
 [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br />
 [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br />
-[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, SC-13 and SC-28(1)]
+[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, CP-9(8)]<br />
+[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SC-13 and SC-28(1)]
    | style="background-color:white;" |'''35.2''' The system should support database encryption and be capable of recording the encryption status of the data contained within.
   |-
-   | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br />
+   | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br />[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.2.1]<br />[https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.4.2.2]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-3]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-2, IA-2(1–4), and IA-8]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, MA-4]
-[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.2.1]<br />
-[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-3]<br />
-[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-2, IA-2(1–4), and IA-8]<br />
-[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, MA-4]
    | style="background-color:white;" |'''35.3''' The system should be able to support multifactor authentication.
   |-
@@ Line 41: / Line 43: @@
    | style="background-color:white;" |'''35.4''' The system should support Office of the National Coordinator for Health Information Technology (ONC) transport standards and protocols for the reception and distribution of personal health information.
   |-
-   | style="padding:5px; width:500px;" |[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-7]
+   | style="padding:5px; width:500px;" |[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-7]
    | style="background-color:white;" |'''35.5''' The system should provide a means for authenticating an individual seeking to access any embedded cryptographic module within the system, as well as the individual's role in performing services within the module.
   |-
+  | style="padding:5px; width:500px;" |[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SC-15]
+  | style="background-color:white;" |'''35.6''' The system should prevent connected collaborative computing devices (e.g., cameras, microphones, interactive whiteboards) from being activated without explicit permission from the end user, and it should provide a clear indication of any activation to the end user.
+ |-
 |}
 |}

Difference between revisions of "Template:LIMSpec/Cybersecurity"

Latest revision as of 22:07, 14 March 2023

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools

Popular publications