Over the past year, Epiphany’s Cardio Server has undergone the stringent DIACAP certification process. It involved a thorough inspection of our development and support processes with the overall security posture in view. During the certification process, every line of code was audited by the Epiphany engineering team for Information Assurance (IA) compliance. All points of entry into the system were documented and tested.
Here is the breakdown of systems tested and the number of checks involved for Cardio Server:
- Windows Server Operating System: 315
- .NET: 73
- Application Development: 158
- IIS: 65
- Internet Explorer: 128
- Database: 231
In all, 970 discrete security checks were made on Cardio Server. The results of some checks required remediation in order to make the application DIACAP compliant. For example, vulnerabilities related to Web Services were addressed. Another example: when an account has been locked out due to failed login attempts, it can only be reset by an administrator; there is no automatic reset after a period of time. Even the development process was tweaked as a result of these checks to ensure that IA guidelines are heeded at every step. For example, developers now must have their code reviewed for IA impact before it can be accepted into the product. That IA awareness during development is now codified and followed by Epiphany engineers.
Cardio Server underwent several automated audits and three manual audits conducted by the United States Air Force. The automated tests involved the use of a scanning product called Retina. The manual tests involved a skilled Air Force contractor manually checking Cardio Server’s security posture by running through his own checklist.
The end result is that Epiphany’s DIACAP initiative has produced a more secure Cardio Server, which will be a better neighbor on your corporate network. If you work in a DoD medical treatment facility, the software you use must be DIACAP compliant, and Cardio Server is ready to fill that role for you.
