Difference between revisions of "Template:LIMSpec for Cannabis Testing/Cybersecurity"
From CannaQAWiki
Jump to navigationJump to searchShawndouglas (talk | contribs) m (Renumbered.) |
Shawndouglas (talk | contribs) (Formatting) |
||
| Line 5: | Line 5: | ||
! colspan="2" style="text-align:left; padding-left:20px; padding-top:10px; padding-bottom:10px;"| | ! colspan="2" style="text-align:left; padding-left:20px; padding-top:10px; padding-bottom:10px;"| | ||
|- | |- | ||
! style="color:brown; background-color:#ffffee; width: | ! style="color:brown; background-color:#ffffee; width:175px;"| Regulation, Specification, or Guidance | ||
! style="color:brown; background-color:#ffffee; width:700px;"| Requirement | ! style="color:brown; background-color:#ffffee; width:700px;"| Requirement | ||
|- | |- | ||
| style="padding:5px; | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
[https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br /> | ||
[https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br /> | ||
[https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d-9)]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d-9)]<br /> | ||
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-4-1]<br /> | ▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-4-1]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.4]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.4]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.8.2.1]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.8.2.1]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br /> | ||
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-17(2)] | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-17(2)] | ||
| style="background-color:white;" |'''26.1''' The system should use secure communication protocols like SSL/TLS over Secure Hypertext Transfer Protocol with 256 bit encryption. | | style="background-color:white; vertical-align: text-top;" |'''26.1''' The system should use secure communication protocols like SSL/TLS over Secure Hypertext Transfer Protocol with 256 bit encryption.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding:5px; | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
[https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br /> | ||
[https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br /> | ||
[https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | ||
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-4-2]<br /> | ▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-4-2]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.4]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.4]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br /> | ||
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, SC-13 and SC-28(1)] | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, SC-13 and SC-28(1)] | ||
| style="background-color:white;" |'''26.2''' The system should support database encryption and be capable of recording the encryption status of the data contained within. | | style="background-color:white; vertical-align: text-top;" |'''26.2''' The system should support database encryption and be capable of recording the encryption status of the data contained within.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding:5px; | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.law.cornell.edu/cfr/text/42/493.1231 42 CFR Part 493.1231]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.2.1]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.2.1]<br /> | ||
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-3]<br /> | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-3]<br /> | ||
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-2, IA-2(1–4), and IA-8]<br /> | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-2, IA-2(1–4), and IA-8]<br /> | ||
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, MA-4] | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, MA-4] | ||
| style="background-color:white;" |'''26.3''' The system should be able to support multifactor authentication. | | style="background-color:white; vertical-align: text-top;" |'''26.3''' The system should be able to support multifactor authentication. | ||
|- | |- | ||
| style="padding:5px; | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.law.cornell.edu/cfr/text/45/170.202 45 CFR Part 170.202]<br />▪ [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (h)] | ||
| style="background-color:white;" |'''26.4''' The system should support Office of the National Coordinator for Health Information Technology (ONC) transport standards and protocols for the reception and distribution of personal health information (e.g., medical marijuana user data). | | style="background-color:white; vertical-align: text-top;" |'''26.4''' The system should support Office of the National Coordinator for Health Information Technology (ONC) transport standards and protocols for the reception and distribution of personal health information (e.g., medical marijuana user data).<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding:5px; | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-7] | ||
| style="background-color:white;" |'''26.5''' The system should provide a means for authenticating an individual seeking to access any embedded cryptographic module within the system, as well as the individual's role in performing services within the module. | | style="background-color:white; vertical-align: text-top;" |'''26.5''' The system should provide a means for authenticating an individual seeking to access any embedded cryptographic module within the system, as well as the individual's role in performing services within the module.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding:5px; | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, SC-15] | ||
| style="background-color:white;" |'''26.6''' The system should prevent connected collaborative computing devices (e.g., cameras, microphones, interactive whiteboards) from being activated without explicit permission from the end user, and it should provide a clear indication of any activation to the end user. | | style="background-color:white; vertical-align: text-top;" |'''26.6''' The system should prevent connected collaborative computing devices (e.g., cameras, microphones, interactive whiteboards) from being activated without explicit permission from the end user, and it should provide a clear indication of any activation to the end user.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
|} | |} | ||
|} | |} | ||
Revision as of 17:33, 30 January 2021
| ||||||||||||||||
