Difference between revisions of "Template:LIMSpec/Cybersecurity"

From LIMSWiki
(Created as needed.)
 
(Added NIST 800-53 to various items)
Line 16: Line 16:
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.8.2.1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.8.2.1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-17(2)]
   | style="background-color:white;" |'''35.1''' The system should use secure communication protocols like SSL/TLS over Secure Hypertext Transfer Protocol with 256 bit encryption.
   | style="background-color:white;" |'''35.1''' The system should use secure communication protocols like SSL/TLS over Secure Hypertext Transfer Protocol with 256 bit encryption.
  |-  
  |-  
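Review bot: the unchanged 35.1 requirement text beneath the new AC-17(2) citation reads "SSL/TLS over Secure Hypertext Transfer Protocol", which states the layering backwards (HTTPS is HTTP carried over TLS) and still names SSL, a deprecated protocol, alongside TLS. Since this row is being edited anyway, consider rewording it along the lines of "HTTPS (HTTP over TLS)" and writing the strength as "256-bit".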
Line 26: Line 27:
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.4]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.4]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, SC-13 and SC-28(1)]
   | style="background-color:white;" |'''35.2''' The system should support database encryption and be capable of recording the encryption status of the data contained within.
   | style="background-color:white;" |'''35.2''' The system should support database encryption and be capable of recording the encryption status of the data contained within.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br />[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.2.1]
   | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.2.1]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-3]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-2, IA-2(1–4), and IA-8]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, MA-4]
   | style="background-color:white;" |'''35.3''' The system should be able to support multifactor authentication.
   | style="background-color:white;" |'''35.3''' The system should be able to support multifactor authentication.
  |-
  |-
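Review bot: in the 35.3 row the three added NIST lines link the same PDF three times, while the 35.2 row in this same hunk combines its controls into one link ("SC-13 and SC-28(1)"). For consistency, merge them into a single entry such as "NIST 800-53, Rev. 4, AC-3, IA-2, IA-2(1–4), IA-8, and MA-4", or split the 35.2 entry the same way.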

Revision as of 21:42, 15 November 2019

Regulation, Specification, or Guidance Requirement

42 CFR Part 493.1231
45 CFR Part 164.312
45 CFR Part 170.315 (d-9)
ASTM E1578-18 S-4-1
CJIS Security Policy 5.6.4
CJIS Security Policy 5.8.2.1
CJIS Security Policy 5.10.1.2
CJIS Security Policy Appendix G.6
NIST 800-53, Rev. 4, AC-17(2)

35.1 The system should use secure communication protocols like SSL/TLS over Secure Hypertext Transfer Protocol with 256-bit encryption.

42 CFR Part 493.1231
45 CFR Part 164.312
45 CFR Part 170.315 (d)
ASTM E1578-18 S-4-2
CJIS Security Policy 5.5.2.4
CJIS Security Policy 5.10.1.2
CJIS Security Policy Appendix G.6
NIST 800-53, Rev. 4, SC-13 and SC-28(1)

35.2 The system should support database encryption and be capable of recording the encryption status of the data contained within.

42 CFR Part 493.1231
CJIS Security Policy 5.6.2.2.1
NIST 800-53, Rev. 4, AC-3
NIST 800-53, Rev. 4, IA-2, IA-2(1–4), and IA-8
NIST 800-53, Rev. 4, MA-4

35.3 The system should be able to support multifactor authentication.

45 CFR Part 170.202
45 CFR Part 170.315 (h)

35.4 The system should support Office of the National Coordinator for Health Information Technology (ONC) transport standards and protocols for the reception and distribution of personal health information.