Evaluation Results: MedSecure

Summary

Compliance Score: 87.50%
Covered: 7
Partial: 0
Missing: 1

Detailed Results
| Rule | Framework | Status | Confidence | Evidence |
|---|---|---|---|---|
| Encryption of Personal Data in Transit (GDPR-ART32-ENC-TRANS) | GDPR | COVERED | HIGH | Protocol uses ChaCha20-Poly1305 with 256-bit keys for end-to-end encryption. Meets GDPR Article 32 encryption requirement ✓ |
| Mutual Authentication Between Entities (GDPR-ART32-AUTH) | GDPR | COVERED | HIGH | Protocol implements mutual authentication: device (Ed25519), server (X.509_certificate). Meets GDPR Article 32 mutual authentication requirement ✓ |
| Data Integrity (MAC/Authentication Tags) (GDPR-ART32-INTEGRITY) | GDPR | COVERED | HIGH | Protocol uses AEAD cipher (ChaCha20-Poly1305) which provides data integrity. Meets GDPR Article 32 data integrity requirement ✓ |
| Comprehensive Audit Logging (GDPR-ART32-LOGGING) | GDPR | COVERED | HIGH | Protocol has comprehensive logging with 4 scope items and 90 days retention. Meets GDPR Article 32 audit logging requirement ✓ |
| Encryption and Decryption for Data in Motion (HIPAA-SEC-CRYPTO) | HIPAA | COVERED | HIGH | Protocol uses ChaCha20-Poly1305 encryption with ephemeral key exchange for forward secrecy. Meets HIPAA Security Rule encryption requirement ✓ |
| Access Controls (Authentication) (HIPAA-SEC-ACCESS) | HIPAA | COVERED | HIGH | Protocol uses mutual authentication with strong methods: Ed25519, X.509_certificate. Meets HIPAA Security Rule access control requirement ✓ |
| Firmware Must Be Digitally Signed (HC-MED-FW-SIGN) | Health Canada | MISSING | HIGH | Firmware updates are not enabled in this protocol. If firmware OTA is required, enable signed firmware updates using RSA-2048, EdDSA, or ECDSA-P256 |
| Comprehensive Audit Trail (Authentication, Key Changes, Errors) (HC-MED-AUDIT) | Health Canada | COVERED | HIGH | Protocol has comprehensive medical audit logging with 90 days retention and cloud transmission. Meets Health Canada medical device audit requirements ✓ |