Threat Models
We have adopted a simple process to document and track threats, as described here: Threat Model Process
- Threat Model - Simple SMTP describes a deployment using existing, off-the-shelf technology with client-side PKI and encryption/signatures
- Threat Model - SMTP with Full Service HISPs describes a deployment where HISPs provide all PKI and encryption/signatures using a security agent.
- Threat Model - Direct to and from XDR describes a deployment where the Direct Project solution is interacting with an XDR environment.
Workgroup members, please indicate your vote on this page.
VOTE ON XDR THREAT MODELS
Please review: Threat Model - Direct to and from XDR
- Consensus Security and Trust WG Call for Consensus.
- THIS VOTE IS NOW CLOSED. The threat model is accepted with 3 explicit YES votes, 0 NO votes, and the rest as silent assent.
- We will now take all threat models to the wider Implementation Group for Consensus.
| Organization |
Agree |
Notes |
| Allscripts |
||
| Axolotl |
||
| CareSpark/Anakam (HIE Tech) |
||
| Cautious Patient |
||
| Cerner |
||
| Clinical Groupware Collaborative |
||
| CSC |
||
| Epic |
||
| GE |
Yes |
|
| Healthcare Information Xchange of NY |
||
| HLN Consulting |
||
| MedAllies |
||
| Medicity |
||
| Microsoft |
||
| Mirth Corporation |
||
| Misys Open Source Solutions |
||
| Oracle Health Sciences Global Strategies |
||
| RelayHealth |
||
| Siemens |
||
| Social Security Administration |
||
| Surescripts |
Yes |
|
| VA |
||
| VisionShare |
Yes |
VOTE ON SMTP THREAT MODELS
THIS VOTE IS NOW CLOSED and the two threat models are accepted with 4 explicit YES votes, 0 NO votes, and the rest as silent assent. We will not take this vote to the full IG at this time for consensus -- instead, we will wait until the XDD threat model (TBD) obtains workgroup consensus and then take all the threat models to the IG as a package.
9/10/2010 - Call for workgroup consensus on the "Simple SMTP" and "SMTP with Full Service HISPs" models. As usual, if you vote NO, the expectation is that you will add comments to indicate what woudl be required to change your vote to YES. If you do not vote, that will be interpreted as assent. If you have participated in the workgroup and your organization was inadvertently left off of the list below, feel free to add a new row with your vote. Thank you!
| Organization |
Agree |
Notes |
| Allscripts |
||
| Axolotl |
||
| CareSpark/Anakam (HIE Tech) |
||
| Cautious Patient |
||
| Cerner |
||
| Clinical Groupware Collaborative |
||
| CSC |
||
| Epic |
||
| GE |
YES |
|
| Healthcare Information Xchange of NY |
||
| HLN Consulting |
||
| MedAllies |
||
| Medicity |
||
| Microsoft |
YES |
|
| Mirth Corporation |
||
| Misys Open Source Solutions |
||
| Oracle Health Sciences Global Strategies |
||
| RelayHealth |
||
| Siemens |
YES |
|
| Social Security Administration |
||
| SureScripts |
||
| VA |
||
| VisionShare |
Yes |