Page Comparison

...

Table of Abbreviations and Acronyms

...

Authentication and authorization are critical components of security that ensure only legitimate users can access the OpenMRS system and its data. Strong mechanisms help prevent help prevent unauthorized access.

Basic principles of authentication & authorization

...

Input validation is an important security precaution that involves checking and cleaning user inputs to avoid common vulnerabilities like SQL injection and cross-site scripting (XSS).

Incident Response and Monitoring

...

Incident Response Plan

• Create an incident response strategy that outlines roles, responsibilities, and processes for reacting to security issues.

• Run frequent drills to guarantee preparedness.

Security Monitoring

• Use security monitoring tools to detect and alert to questionable activity. Use IDS and log monitoring tools.

Log Management

• Enable logging on all key systems and apps.

• Review and analyze logs on a regular basis to detect security events and abnormalities.

Compliance & Governance

Compliance:

• Ensure compliance with applicable laws and regulations, including HIPAA, GDPR, and local healthcare legislation.

• Conduct periodical audits to determine compliance.

Security Policies

• Create and follow security policies, procedures, and recommendations.

• Policies should be reviewed and updated on a regular basis to reflect technological and regulatory developments.

 Training and Awareness

...

Offer continuing security training and awareness initiatives to all users, administrators, and developers.

...

.

Tomcat Security 

Tomcat minimum baseline security standards focus on securing the application server and its deployment applications. Key control  points include:

...

• Configuration:

  • Disabling unnecessary modules

  • Configuring error pages to avoid revealing sensitive information

  • Limiting request headers and body sizes

  • Implementing rate limiting to prevent denial-of-service attacks

• Access Control:

  • Using .htaccess files for directory-level access control

  • Configuring strong authentication mechanisms

  • Implementing WAF (Web Application Firewall) rules

• SSL/TLS:

  • Using strong cipher suites

  • Enabling HTTP Strict Transport Security (HSTS)

...

Incident Response and Monitoring

...

Incident Response Plan

• Create an incident response strategy that outlines roles, responsibilities, and processes for reacting to security issues. Resource: Sample Incident Response Plan

• Run frequent drills to guarantee preparedness.

Security Monitoring

• Use security monitoring tools to detect and alert to questionable activity. Use IDS and log monitoring tools.

Log Management

• Enable logging on all key systems and apps.

• Review and analyze logs on a regular basis to detect security events and abnormalities.

Compliance & Governance

Compliance:

• Ensure compliance with applicable laws and regulations, including HIPAA, GDPR, and local healthcare legislation.

• Conduct periodical audits to determine compliance.

Security Policies

• Create and follow security policies, procedures, and recommendations.

• Policies should be reviewed and updated on a regular basis to reflect technological and regulatory developments.

 Training and Awareness

• Offer continuing security training and awareness initiatives to all users, administrators, and developers.

• Encourage a culture of security throughout the organization.

Conclusion

Implementing this Minimum Security Baseline for OpenMRS will assist to reduce risks and safeguard sensitive health information. Regular assessments and revisions to this baseline are required to respond to emerging risks and changes in the technological ecosystem. It is a necessity in today’s threat landscape to implement these security practices.

...