The application must implement basic security behaviors:
| Category | Behavior |
| --- | --- |
| Authentication | Authenticate using at least a user name and a password. |
| Authorization | Based on the user role, the user may only access categories they have been given permission to access. |
| Confidentiality | Sensitive data must be encrypted (Patient Notes). |
| Data Integrity | Data sent across the network cannot be modified by a tier. |
| Auditing | In the later releases we may implement logging of sensitive actions. |