FISMA / HIPAA Compliance on iOS

Last night I presented at the MoDevDC Meetup on the topic of security on the iOS platform. It was a fun discussion among 50+ local mobile developers.

Synopsis:
In this presentation, I am going to discuss the technical challenges
of securing our app (iForm ES) in order to satisfy various
requirements from FISMA and HIPAA. This is a technical presentation,
and code examples will be shared.

  • The basics: OS-level security, keychain, file attributes
  • Getting to jailbreak-proof: local authentication, keyboard cache
    prevention, local database encryption
  • FISMA/HIPAA compliance: FIPS 140-2, two-factor authentication, intrusion prevention,
    end-to-end PKI, X.509 digital signature

Disclaimer: This is not a checklist for obtaining FISMA/HIPAA certifications. We are simply sharing our experience.

Here is the presentation: MoDevMeetup-05042011

And Code Examples