Friday, May 24, 2019
Formal certification and accreditation (C&A) process Essay
The PKI must go through a formal certification and accreditation (C&A) process before it can be deployed in the Quality Medical Company (QMC) operational environment. An independent third party must certify all (HIPAA) PKI systems. We will use system certification as a formal procedure for testing the security safeguards in a computer system or major application to determine whether they meet the applicable requirements and specifications outlined.

System accreditation is the formal authorization by a management official for system operation and an explicit acceptance of the associated risk. The management official ensures that all equipment residing on the network under his authority is operated using approved security standards. All C&A evaluations or annual reviews must be conducted by a third party who has neither developed the present PKI solution nor has any other business relationship with QMC.

The QMC Associate Chief Information Technology Security Officer will:
- Undertake the compliance requirements of this policy concerning data at rest and role-holders' access to managed networks, systems and servers
- Ensure that public-company regulations are implemented and complied with
- Provide security standards for the implementation of PKI in HIPAA information technology environments, to ensure that they can handle sensitive data and require non-repudiation
- Review company plans to implement this policy
- Review requests for exceptions to this policy
- Conduct reviews of U.S. Securities and Exchange Commission (SEC) and HIPAA compliance to ensure compliance with this policy
- Receive, review and coordinate a response with the QMC Chief Information Technology Officer for any requests for exceptions to this policy
- Periodically review and update this policy as needed

The QMC Chief Information Technology Officer will:
- Ensure that the provisions of this policy are implemented and enforced
- Ensure that the requirements of the PKI policy are met prior to deployment of this technology on any QMC system
- Ensure that a backup of the encryption private key(s) is obtained and securely stored, so that encrypted documents may be retrieved historically. The signing private key will exist only on the key token or profile issued to the individual. The solution must provide a means for archival of private decryption keys, and support for the recovery of a private decryption key on request
- Ensure that agency server administrators, staff offices responsible for server administration, ISSPMs and security staff are acquainted and comply with the provisions of OCIO Cyber Security Guidance Regarding C2 Controlled Access Protection (CS-013 dated 3/6/02)
- Assure that agency server administrators, staff offices responsible for server administration, information system security program managers and security staff are trained to implement and maintain PKI at a functional C2 level and fully understand the ongoing responsibilities to preserve that level of server security

The QMC Information Systems Security Program Manager will:
- Monitor all agency PKI installations to ensure that the provisions of this policy are followed
- Coordinate with agency server administrators to ensure that precautions are taken to properly preserve the required level of server security
- Coordinate with agency personnel to ensure that proper certification and accreditation occur on all PKI systems prior to deployment
- Coordinate with agency system owners to ensure that PKI private key pairs are properly stored

QMC System Administrators/Security Administrators responsible for server administration will:
- Monitor vendor release notes for new security patches, service packs, software upgrades and updates
- Follow internal configuration management practices when installing security patches and updates
- Maintain a configuration control manual that documents all changes to the servers holding sensitive information