Jarvis,

If you are looking for a 'Stamp of Approval', you may be looking in
the wrong place. Django is an "Open Source" web framework which hasn't
been formally certified and accredited by the US Government. You speak
of HIPAA which translates to FISMA requirements. I assume your web
application, i.e. MySQL, will be storing Personally Identifiable
Information (PII) such as SSN, etc. In this case, you may have a tough
battle getting your web application approved. Nevertheless, there are
sites out there which may help you get started.

Check out the following websites:

http://www.commoncriteriaportal.org/
http://www.mitre.org/

Good luck! Let me know if I can further assist you.

Cheers.




On Mar 12, 3:45 pm, Glen Jarvis <g...@glenjarvis.com> wrote:
> I have a customer who has a Django application that I have upgraded to  
> Django 1.1.
>
> The customer wants to take this software in a more public arena. He  
> has to get HIPAA approval. The data is stored in a MySQL database and  
> the standard Django User Authentication model is used (out of the box  
> with no changes). Since security is a concern for the customer, I  
> wanted to find all information from HIPAA regarding the Django User  
> Authentication/Sessions security model before I did more work. I  
> expected to see documents that they have approved this model in the  
> past. But I'm getting caught in all types of minutiae and can't seem
> to find information directly relating to HIPAA's criteria for web  
> security and Django User Authentication.
>
> I only found one security report (and it wasn't related to session  
> login at all):
>
> 07.45.60 CVE: Not Available
> Platform: Web Application
> Title: Django i18n Remote Denial of Service
> Description: Django is a Python-based framework for building web
> applications. The application is exposed to a remote denial of service
> issue because it fails to adequately handle user-supplied input. This
> issue affects the "i18n" internationalization system when processing
> specially crafted "Accept-Language" HTTP requests. Django versions
> 0.91, 0.95, 0.95.1, and 0.96 are affected.
> Ref: http://www.djangoproject.com/weblog/2007/oct/26/security-fix/
>
> Does anyone know where to find such "stamp of approval" or "denial"  
> from HIPAA's point of view? I can find no specific links to Django  
> from hippa.org. Which governmental agency site should I be searching  
> for with regard to Open Source and security?
>
> Thanks in advance for any direction you can lead me in (where to go or  
> who to talk to),
>
> Cheers,
>
> Glen
> --
> g...@glenjarvis.com
>
> "You must be the change you wish to see in the world." -M. Gandhi
>
> --
> 415-680-3964
> g...@glenjarvis.com http://www.glenjarvis.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
