Evaluation Results: LoRaWAN-v2

Summary

18.75%

Compliance Score

0

Covered

3

Partial

5

Missing

Detailed Results
Rule Framework Status Confidence Evidence
Encryption of Personal Data in Transit
GDPR-ART32-ENC-TRANS
GDPR MISSING HIGH Protocol does not meet encryption requirements for data in transit
Enable encryption with AES-128-GCM or stronger, minimum 128-bit keys, and ensure scope covers data in transit
Mutual Authentication Between Entities
GDPR-ART32-AUTH
GDPR PARTIAL MEDIUM Protocol implements one-way authentication only
Enable mutual authentication for full compliance
Data Integrity (MAC/Authentication Tags)
GDPR-ART32-INTEGRITY
GDPR MISSING HIGH Protocol does not provide data integrity protection
Implement AEAD ciphers or message authentication codes (MAC) for data integrity
Comprehensive Audit Logging
GDPR-ART32-LOGGING
GDPR MISSING HIGH Protocol does not have comprehensive audit logging
Enable audit logging with scope covering authentication, key_rotation, and data_access events (minimum 30 days retention)
Encryption and Decryption for Data in Motion
HIPAA-SEC-CRYPTO
HIPAA PARTIAL MEDIUM Protocol uses encryption (AES-128-CBC) but lacks ephemeral key exchange
Enable ephemeral key exchange for forward secrecy compliance
Access Controls (Authentication)
HIPAA-SEC-ACCESS
HIPAA PARTIAL MEDIUM Protocol has authentication but may not meet full HIPAA requirements
Implement mutual authentication with strong cryptographic methods (X.509, Ed25519, ECDSA)
Firmware Must Be Digitally Signed
HC-MED-FW-SIGN
Health Canada MISSING HIGH Firmware updates are not signed or use unsupported signature algorithm
Implement firmware signing using RSA-2048, EdDSA, or ECDSA-P256 signature algorithm
Comprehensive Audit Trail (Authentication, Key Changes, Errors)
HC-MED-AUDIT
Health Canada MISSING HIGH Protocol does not meet Health Canada medical device audit requirements
Enable comprehensive audit logging covering authentication, key_rotation, and errors with minimum 90 days retention and cloud/local transmission