That's actually the concept behind the Common Criteria evaluations. It used to be the Rainbow Series of books that defined security practices.<br><br>One of the big problems with a central certification authority is that in the case of Sarbanes-Oxley, there is no defined practice that is codified in the act. It all comes down to interpretation of intent and individual reading of the law as interpreted by administrative organizations. It's all that fun theoretical legal stuff that has no clear answer and is really only one step closer to reality than Kant or Nietzsche.
<br><br>Until we actually get some good case law on the subject, it will be next to impossible to get an authoritative certification body without industry consensus. Right now the industry can't decide on how it wants to handle cascading style sheets on internet web sites without divergent implementations - I don't have real high hopes for an effective working group on comprehensive security practices.
<br><br>But that's just my take on the subject. Then again, I tend to be pessimistic about these things.<br><br>brad<br><br><div><span class="gmail_quote">On 7/20/06, <b class="gmail_sendername">anthonyriga</b> <<a href="mailto:torrodimerda@yahoo.com">
torrodimerda@yahoo.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I agree with Pete on this one. There should be some
<br>sort of committee that truly certifies that these OSes<br>meet HIPAA, Sarbanes-Oxley, etc. compliance. Really<br>what you need is a committee of lawyers that know IP<br>laws and have a real understanding of computer science
<br>engineering. Not a bunch of politicians that are making<br>IT industry decisions that don't know how to even turn<br>their PCs on but are getting payoffs from Brother<br>Bill in Redmond.<br> If a doctor is using a Windows PC that involves
<br>surgery to place over 100 recording electrodes in a<br>patient, the PC-based systems use Microsoft Windows<br>[because all but one vendor of these systems use<br>Microsoft operating systems] and multimedia programs<br>
to capture the patient's data. If, after a Microsoft<br>service pack is applied to overcome a security<br>weakness in their operating system, and the service<br>pack also secretly breaks the multimedia software<br>and/or revokes access to our patient's data, thus
<br>damaging patient care, who is responsible?<br><br><br>> As far as HIPAA compliance on ANY Windows box, I<br>> don't see how this is<br>> possible! One quick read of the EULA for Windows<br>> should show glaring
<br>> problems like.....<br>><br>> * Consent to Use of Data. You agree that Microsoft<br>> and its<br>><br>> affiliates may collect and use technical<br>> information<br>><br>> gathered in any manner as part of the product
<br>> support<br>><br>> services provided to you, if any, related to<br>> the Product.<br>><br>> Microsoft may use this information solely to<br>> improve<br>><br>> our products or to provide customized services
<br>> or<br>><br>> technologies to you. Microsoft may disclose<br>> this<br>><br>> information to others, but not in a form that<br>> personally<br>><br>> identifies you.<br>
><br>> I would think that technically the HIPAA rules would<br>> have a problem with<br>> this but they look the other way of course for<br>> Windows.<br>><br>><br>> _______________________________________________
<br>> nflug mailing list<br>> <a href="mailto:nflug@nflug.org">nflug@nflug.org</a><br>> <a href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br>><br>
</blockquote></div><br>