Evaluation Results: Matter

Summary

Compliance Score: 68.75%
Covered: 5
Partial: 1
Missing: 2

Detailed Results

| Rule | Rule ID | Framework | Status | Confidence | Evidence | Recommendation |
|---|---|---|---|---|---|---|
| Encryption of Personal Data in Transit | GDPR-ART32-ENC-TRANS | GDPR | MISSING | HIGH | Protocol does not meet encryption requirements for data in transit | Enable encryption with AES-128-GCM or stronger, minimum 128-bit keys, and ensure scope covers data in transit |
| Mutual Authentication Between Entities | GDPR-ART32-AUTH | GDPR | COVERED | HIGH | Protocol implements mutual authentication: device (ECDSA_P-256), server (X.509_certificate) | Meets GDPR Article 32 mutual authentication requirement ✓ |
| Data Integrity (MAC/Authentication Tags) | GDPR-ART32-INTEGRITY | GDPR | COVERED | HIGH | Protocol uses AEAD cipher (AES-256-CCM), which provides data integrity | Meets GDPR Article 32 data integrity requirement ✓ |
| Comprehensive Audit Logging | GDPR-ART32-LOGGING | GDPR | PARTIAL | MEDIUM | Protocol has logging enabled with 3 scope items | Add missing scope items (authentication, key_rotation, data_access) and ensure minimum 30 days retention |
| Encryption and Decryption for Data in Motion | HIPAA-SEC-CRYPTO | HIPAA | MISSING | HIGH | Protocol does not meet HIPAA encryption requirements for data in motion | Enable encryption with supported algorithms and implement ephemeral key exchange |
| Access Controls (Authentication) | HIPAA-SEC-ACCESS | HIPAA | COVERED | HIGH | Protocol uses mutual authentication with strong methods: ECDSA_P-256, X.509_certificate | Meets HIPAA Security Rule access control requirement ✓ |
| Firmware Must Be Digitally Signed | HC-MED-FW-SIGN | Health Canada | COVERED | HIGH | Firmware updates are signed using ECDSA-P256 | Meets Health Canada medical device firmware signing requirement ✓ |
| Comprehensive Audit Trail (Authentication, Key Changes, Errors) | HC-MED-AUDIT | Health Canada | COVERED | HIGH | Protocol has comprehensive medical audit logging with 90 days retention and cloud transmission | Meets Health Canada medical device audit requirements ✓ |