Epiphany’s Cardio Server Receives DIACAP Certification

The United States Department of Defense (DoD) (Air Force) awarded Epiphany its DIACAP certification for Cardio Server on December 21, 2012.

  • Share on TwitterShare on FacebookShare on Google+Share on LinkedInEmail a friend
"Epiphany’s DIACAP initiative has resulted in a more secure Cardio Server which will serve as a better neighbor in your corporate network", states Mike Kelley, Software Developer at Epiphany.

(PRWEB) January 07, 2013

DIACAP stands for DoD Information Assurance Certification and Accreditation Process. It is a multi-faceted approach to security involving assessment, remediation, monitoring, and vigilance. Further, it requires the company whose system or software is involved to potentially tighten their processes and to maintain continuous compliance.

Over the past year, Epiphany’s Cardio Server ECG Management System has undergone the stringent DIACAP certification process. It involved a thorough inspection of our development and support processes with an overall security posture in view. During the certification process, every line of code was audited by the Epiphany engineering team for (Information Assurance) IA compliance. All points of entry into the system were documented and tested.

The following is the breakdown of systems tested and the number of checks involved for Cardio Server:

  • Windows Server Operating System: 315
  • .NET: 73
  • Application Development: 158
  • IIS: 65
  • Internet Explorer: 128
  • Database: 231

In all, 970 discrete security checks were made on Cardio Server, resulting in some checks requiring modification in order to make the application DIACAP compliant. Even the development process was tweaked as a result of these checks to ensure that IA guidelines were heeded at every step of the process. For example, developers now must have their code reviewed for IA impact before it can be accepted into the product. That IA awareness during development is now codified and followed by Epiphany engineers.

Cardio Server underwent several automated audits and three manual audits conducted by the United States Air Force. The automated tests involved the use of a scanning product called Retina. The manual tests involved a skilled Air Force contractor manually checking Cardio Server’s security posture by running through a comprehensive checklist.

"Epiphany’s DIACAP initiative has resulted in a more secure Cardio Server which will serve as a better neighbor in your corporate network", states Mike Kelley, Software Developer at Epiphany. "If you work in a DoD medical treatment facility, then the software that you use must be DIACAP compliant and Cardio Server is ready to fill that role for you."

Epiphany Cardiography Products, LLC.

Founded in 2004, Epiphany’s mission is to simplify the collection and management of diagnostic test results. With over 450 hospital users in the US and abroad, Epiphany is committed to serving its customers’ needs through product innovation and the delivery of exceptional service with an unwavering dedication to driving open systems. Discover why Epiphany is preferred when managing multi-vendor, multi-modality diagnostic test results.


Contact