Common use of Security Testing Recommendations Clause in Contracts

Security Testing Recommendations. The vendor should perform a series of steps to verify the security of applications, some of which are noted below. This section will not be validated by the County, but reflects best practices that the vendor should consider and follow.

1. Look for vulnerabilities at various layers of the target environment. In the lowest layer, the vendor’s testing team should look for flaws in the target network environment, including any routers and firewalls designed to control access to the web server and related target components. The team should attempt to determine whether such filters provide adequate protection at the network layer of the target hosts that the team can reach across the Internet.
2. Look for flaws in the Internet-accessible hosts associated with the target infrastructure, including the web server. This host-based component of the test will analyze which network-accessible services are available on the target hosts across the Internet, including the web server process. The testing team should look for incorrect configuration, unpatched or enabled services, and other related problems on the target hosts.

County of Orange Health Care Agency Page 48 MA-042-17011367

Appears in 2 contracts

Sources: Contract for Electronic Health Record System Maintenance and Support, Contract for Electronic Health Record System Maintenance and Support