NIST SPECIAL PUBLICATION 1800-1
Securing Electronic Health Records on Mobile Devices
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); How-To Guides (C); Standards and Controls Mapping (D); and Risk Assessment and Outcomes (E)
Gavin O’Brien
Nate Lesser
Brett Pleasant
Sue Wang
Kangmin Zheng
Colin Bowers
Kyle Kamke
This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.1800-1
The first draft of this publication is available free of charge from: https://www.nccoe.nist.gov/sites/default/files/library/sp1800/hit-ehr-nist-sp1800-1-draft.pdf
Gavin O’Brien
Nate Lesser
National Cybersecurity Center of Excellence
Information Technology Laboratory
Brett Pleasant
Sue Wang
Kangmin Zheng
The MITRE Corporation
McLean, VA
Colin Bowers
Kyle Kamke
Ramparts, LLC
Clarksville, MD
July 2018
U.S. Department of Commerce
Wilbur Ross, Secretary
National Institute of Standards and Technology
Walter Copan, Undersecretary of Commerce for Standards and Technology and Director
- Volume C
  - 1. Introduction
  - 2. Operating Systems
  - 3. Basic Network Infrastructure Services
  - 4. Configuration Management
  - 5. Backup
  - 6. Certificate Authority
  - 7. Identity and Access Controls
    - 7.1. Cisco Identity Services Engine
    - 7.2. Cisco ISE Post-Installation Tasks
    - 7.3. Configure Cisco ISE to Support EAP-TLS Authentication
      - 7.3.1. Set ISE to support RADIUS authentication
      - 7.3.2. Enable PKI in Cisco ISE
      - 7.3.3. Populate Certificate Store with Required CA-Signed Certificates
      - 7.3.4. Set Identity Source for Client Certificate Authentication
      - 7.3.5. Set Authentication Protocols
      - 7.3.6. Configure Cisco ISE to Integrate with Fiberlink MaaS360
      - 7.3.7. Configure Cisco ISE to Authorization Policy
  - 8. Remote Office Network Configuration
  - 9. Virtual Private Network Using Intel Identity Protection Technology with PKI
  - 10. Hosts and Mobile Device Security
  - 11. Governance, Risk, and Compliance
- Volume E
  - 1. Practice Guide Structure
  - 2. Introduction
  - 3. Results
  - 4. Security Controls Assessment
  - 5. Risk Assessment Methodology
  - 6. Risk Assessment Results
  - 7. Tests Performed in Security Controls Assessment
  - 8. Risk Questionnaire for Healthcare Organizations Selecting a Cloud-Based Electronic Health Record Provider