The application must implement basic security behaviors:
Category |
Behavior |
Authentication |
Authenticate using at least a user name and a password. |
Authorization |
Based on the user role, the user may only access categories they have been given permission to access. |
Confidentiality |
Sensitive data must be encrypted (Patient Notes). |
Data Integrity |
Data sent across the network cannot be modified by a tier. |
Auditing |
In the later releases we may implement logging of sensitive actions. |
