
Epiphany Healthcare Blog

Epiphany’s Cardio Server Receives DIACAP Certification

Posted by Allison Fawber on December 21, 2012 at 10:36 AM
The United States Department of Defense (DoD) (Air Force) awarded Epiphany its DIACAP certification for Cardio Server on December 21, 2012. DIACAP stands for DoD Information Assurance Certification and Accreditation Process. It is a multi-faceted approach to security involving assessment, remediation, monitoring, and vigilance. Further, it may require the company whose system or software is involved to tighten its processes, and it requires that company to maintain continuous compliance.


Over the past year, Epiphany’s Cardio Server has undergone the stringent DIACAP certification process. It involved a thorough inspection of our development and support processes with the overall security posture in view. During the certification process, every line of code was audited by the Epiphany engineering team for Information Assurance (IA) compliance. All points of entry into the system were documented and tested.


Here is the breakdown of systems tested and the number of checks involved for Cardio Server:

  • Windows Server Operating System: 315
  • .NET: 73
  • Application Development: 158
  • IIS: 65
  • Internet Explorer: 128
  • Database: 231


In all, 970 discrete security checks were made on Cardio Server. The results of some checks required remediation in order to make the application DIACAP compliant. For example, vulnerabilities related to Web Services were addressed. As another example, an account that has been locked out due to failed attempts can now only be reset by an administrator; there is no reset based on duration. Even the development process was adjusted as a result of these checks to ensure that IA guidelines are heeded at every step. For example, developers must now have their code reviewed for IA impact before it can be accepted into the product. That IA awareness during development is now codified and followed by Epiphany engineers.

Cardio Server underwent several automated audits and three manual audits conducted by the United States Air Force. The automated tests involved the use of a scanning product called Retina. The manual tests involved a skilled Air Force contractor manually checking Cardio Server’s security posture by running through his own checklist.

The end result of Epiphany’s DIACAP initiative is a more secure Cardio Server, which will serve as a better neighbor in your corporate network. If you work in a DoD medical treatment facility, then the software that you use must be DIACAP compliant, and Cardio Server is ready to fill that role for you.

 


Topics: EKG software, ECG software, Epiphany's Cardio Server, DIACAP, DIACAP Certification
