Information Assurance Project Group

Overview

The OSEHRA Information Assurance Project Group will develop and maintain a consistent approach to addressing Information Assurance (IA) requirements within OSEHRA VistA and other open source software managed by OSEHRA. This group will routinely and actively conduct tiger team activities against OSEHRA VistA to help identify vulnerabilites. The group will also monitor OSEHRA's dedicated email address for security issues reporting (security@osehra.org), and coordinate the community response to newly-discovered security issues and vulnerabilities.  Members of this group will be required to sign a Non-Disclosure Agreement that controls the dissemination of security vulnerability information, releasing such information only after appropriate remediation is available and a consensus on releasability is reached in the group.

Working Deliverables

The OSEHRA IA Project Group has several working deliverables that are currently in progress. Deliverables include vulnerability identification and remediation management, identifying critical system components, analyzing source code for security vulnerabilities and establishing secure coding best practices and guidelines. Deliverables are:

  • System Component Analysis Document
  • High Risk Component Analysis
  • Secure Coding Guidelines
  • Static Code Analysis Guidelines
  • Tiger Teaming Activities and Guidelines

Mailing List

Mailing list email address: infoassurance@groups.osehra.org

Group Email: 

infoassurance@groups.osehra.org
like0

HL7 Encryption

During our bi-weekly call today (April 1), we briefly discussed encryption of the HL7 protocol and secure transmission of data using HL7. I wanted to post a discussion forum on encryption concerns of HL7 and also receive feedback from the community on how encryption is addressed or not addressed currently in the field.

I found this wiki article on the HL7.org site title "Encryption and Security": http://wiki.hl7.org/index.php?title=Implementation_FAQ:Encryption_and_Se...

IA Working Group Call Agenda - April 1, 2014

Hello!

We hope you can join us for our 3PM IA Working Group call today.

Being that the IA working group is so new, we are currently trying to establish where we can provide the most value, and that's what today's call is going to cover. We want to ensure our efforts are focused on helping the open source community develop with security in mind and providing any relevant support for ensuring that OSEHRA.

And we promise, no lame April Fool's day pranks during today's call :)

Hope to see you there!

Information Assurance meeting today at 2pm

Greetings all,

Please join us today at 2pm Eastern for the Information Assurance work group call.  The login information is below:

Event Address: https://osehra.webex.com/osehra/onstage/g.php?t=a&d=668726598

Dial-in: 1-650-479-3207

Access code: 668 726 598
 
We hope to see you there!
 
 
Best,
The OSEHRA Admin Team

HL7 Encryption

During our bi-weekly call today (April 1), we briefly discussed encryption of the HL7 protocol and secure transmission of data using HL7. I wanted to post a discussion forum on encryption concerns of HL7 and also receive feedback from the community on how encryption is addressed or not addressed currently in the field.

I found this wiki article on the HL7.org site title "Encryption and Security": http://wiki.hl7.org/index.php?title=Implementation_FAQ:Encryption_and_Se...

IA Working Group Call Agenda - April 1, 2014

Hello!

We hope you can join us for our 3PM IA Working Group call today.

Being that the IA working group is so new, we are currently trying to establish where we can provide the most value, and that's what today's call is going to cover. We want to ensure our efforts are focused on helping the open source community develop with security in mind and providing any relevant support for ensuring that OSEHRA.

And we promise, no lame April Fool's day pranks during today's call :)

Hope to see you there!

Information Assurance meeting today at 2pm

Greetings all,

Please join us today at 2pm Eastern for the Information Assurance work group call.  The login information is below:

Event Address: https://osehra.webex.com/osehra/onstage/g.php?t=a&d=668726598

Dial-in: 1-650-479-3207

Access code: 668 726 598
 
We hope to see you there!
 
 
Best,
The OSEHRA Admin Team
No questions have been added to this group.
No wikis have been added to this group.

Recent activity in this group

Active in this group

Group contributors