Evaluation Results: Matter-v3

Summary

81.25%

Compliance Score

6

Covered

1

Partial

1

Missing

Detailed Results
Rule Framework Status Confidence Evidence
Encryption of Personal Data in Transit
GDPR-ART32-ENC-TRANS 		GDPR COVERED HIGH Protocol uses AES-256-GCM with 256-bit keys for end-to-end encryption
Meets GDPR Article 32 encryption requirement ✓
Mutual Authentication Between Entities
GDPR-ART32-AUTH 		GDPR COVERED HIGH Protocol implements mutual authentication: device (ECDSA), server (X.509)
Meets GDPR Article 32 mutual authentication requirement ✓
Data Integrity (MAC/Authentication Tags)
GDPR-ART32-INTEGRITY 		GDPR COVERED HIGH Protocol uses AEAD cipher (AES-256-GCM) which provides data integrity
Meets GDPR Article 32 data integrity requirement ✓
Comprehensive Audit Logging
GDPR-ART32-LOGGING 		GDPR PARTIAL MEDIUM Protocol has logging enabled with 3 scope items
Add missing scope items (authentication, key_rotation, data_access) and ensure minimum 30 days retention
Encryption and Decryption for Data in Motion
HIPAA-SEC-CRYPTO 		HIPAA COVERED HIGH Protocol uses AES-256-GCM encryption with ephemeral key exchange for forward secrecy
Meets HIPAA Security Rule encryption requirement ✓
Access Controls (Authentication)
HIPAA-SEC-ACCESS 		HIPAA COVERED HIGH Protocol uses mutual authentication with strong methods: ECDSA, X.509
Meets HIPAA Security Rule access control requirement ✓
Firmware Must Be Digitally Signed
HC-MED-FW-SIGN 		Health Canada MISSING HIGH Firmware updates are not signed or use unsupported signature algorithm
Implement firmware signing using RSA-2048, EdDSA, or ECDSA-P256 signature algorithm
Comprehensive Audit Trail (Authentication, Key Changes, Errors)
HC-MED-AUDIT 		Health Canada COVERED HIGH Protocol has comprehensive medical audit logging with 90 days retention and cloud transmission
Meets Health Canada medical device audit requirements ✓