Enforcer proper authentication

Enforcer proper authentication

Risk: secure

Description

To keep the data private and secure, it’s important to authenticate users properly so that only those with the requisite credentials can access the accounts

HIPAA Access Control Requirements: In the case of access control, this is a standard element of data security and means that access to electronic protected health information will be restricted through a login and authentication method. Thus, a login mechanism is used to secure and control access to information, and only persons who have been granted the required access rights can log into information systems contain protected data.

Recommendation

The implementation is secure, no recommendations apply.

Links

• HIPAA Security Rules
• Security Standards: Technical Safeguards

Standards

• OWASP_MASVS_L1:
  • MSTG_ARCH_2
• OWASP_MASVS_L2:
  • MSTG_ARCH_2