Home page logo

basics logo Security Basics mailing list archives

HIPAA and endpoint certification
From: "Jarrod Frates" <jfrates.ml () gmail com>
Date: Fri, 23 Feb 2007 16:46:48 -0800

I need to get some clarification on the requirements regarding
certification of endpoints in transmission of HIPAA material.  As part
of a wireless project that is beginning soon, we're evaluating the
various EAP types available to us regarding practicality, support
availability, and (of course) regulatory compliance.  While we're
planning on using only EAP types that require a server-side
certificate at a minimum, are there any requirements for the client
side?  It is my understanding that we have to know *who* is connecting
to the network, but is a client-side certificate required for this
purpose, or is it sufficient to authenticate against a user database
of some sort?

Any references to specific code (even at a section level) would be
greatly appreciated.

Jarrod Frates

This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]