Compliance Score
Covered
Partial
Missing
| Rule | Framework | Status | Confidence | Evidence |
|---|---|---|---|---|
|
Encryption of Personal Data in Transit GDPR-ART32-ENC-TRANS |
GDPR | COVERED | HIGH |
Protocol uses AES-128-CCM with 128-bit keys for link-layer encryption Meets GDPR Article 32 encryption requirement ✓ |
|
Mutual Authentication Between Entities GDPR-ART32-AUTH |
GDPR | PARTIAL | MEDIUM |
Protocol implements one-way authentication only Enable mutual authentication for full compliance |
|
Data Integrity (MAC/Authentication Tags) GDPR-ART32-INTEGRITY |
GDPR | COVERED | HIGH |
Protocol uses AEAD cipher (AES-128-CCM) which provides data integrity Meets GDPR Article 32 data integrity requirement ✓ |
|
Comprehensive Audit Logging GDPR-ART32-LOGGING |
GDPR | MISSING | HIGH |
Protocol does not have comprehensive audit logging Enable audit logging with scope covering authentication, key_rotation, and data_access events (minimum 30 days retention) |
|
Encryption and Decryption for Data in Motion HIPAA-SEC-CRYPTO |
HIPAA | MISSING | HIGH |
Protocol does not meet HIPAA encryption requirements for data in motion Enable encryption with supported algorithms and implement ephemeral key exchange |
|
Access Controls (Authentication) HIPAA-SEC-ACCESS |
HIPAA | PARTIAL | MEDIUM |
Protocol has authentication but may not meet full HIPAA requirements Implement mutual authentication with strong cryptographic methods (X.509, Ed25519, ECDSA) |
|
Firmware Must Be Digitally Signed HC-MED-FW-SIGN |
Health Canada | MISSING | HIGH |
Firmware updates are not signed or use unsupported signature algorithm Implement firmware signing using RSA-2048, EdDSA, or ECDSA-P256 signature algorithm |
|
Comprehensive Audit Trail (Authentication, Key Changes, Errors) HC-MED-AUDIT |
Health Canada | MISSING | HIGH |
Protocol does not meet Health Canada medical device audit requirements Enable comprehensive audit logging covering authentication, key_rotation, and errors with minimum 90 days retention and cloud/local transmission |