Peter, I don't disagree with you. However, based on Glen's security report (I suspect they are using Nessus/Retina to produce the scan result, i.e. CVE - Common Vulnerabilities and Exposures), his question was:
Does anyone know where to find such "stamp of approval" or "denial" from HIPAA's point of view? I can find no specific links to Django from hippa.org. Which governmental agency site should I be searching for with regard to Open Source and security?

Response: No. Because Django is an "Open Source" Web Framework. You can certainly write a wrapper to secure the transaction such as implementing SSL in addition to encrypting the transactions during and at rest using FIPS-140 or AES. Or you can simply hire Security Engineers/Consultants. Either way there is no way around it because this is a Compliance issue which is federally mandated.

On Mar 12, 6:31 pm, Peter Herndon <tphern...@gmail.com> wrote:
> > You speak
> > of HIPAA which translates to FISMA requirements.
>
> I suspect they are complementary, not equivalent.
>
> > I assume your web
> > application i.e. MYSQL will be storing Personal Identifiable
> > Information (PII) such as SSN, etc... In this case, you may have a tough
> > battle getting your web application approved.
>
> Hmm, I was assuming Glen's customer was a healthcare organization. If
> you are looking for approval for use by a government agency, in
> addition to HIPAA compliance, that's well beyond my experience.
>
> > Nevertheless, there are
> > sites out there which may help you get started.
>
> > Check out the following websites:
>
> > http://www.commoncriteriaportal.org/
> > http://www.mitre.org/
>
> On quick perusal, MITRE seems to have an open source tool LAIKA that
> checks electronic health records for interoperability compliance.
> Good stuff, if interoperability is a requirement. My experience with
> HIPAA pretty much predates interoperability, and was focused on the
> privacy and security regulations.
>
> ---Peter