The following are security requirements and recommendations for the Clinician Window UI:
- When running Clinician Window, anti-virus software must be installed on the same machine as the Clinician Window UI installation.
- HTTPS must be used to authenticate requests made to the Clinician Window UI.
- To reduce potential security risks when using authentication during active Clinician Window sessions, it is strongly recommended that the Access Token Lifetime setting on the IdP server be configured to expire after 30 minutes of inactivity. For increased security, however, it is generally recommended to configure this setting to expire after 5-10 minutes. For information on configuring the Access Token Lifetime setting on the IdP server, see the Hyland Identity and Access Management Services documentation.
- As an additional security measure, it is strongly recommended that all known URLs that will access the Clinician Window UI be placed in the contentSecurityPolicy.json configuration file. For more information on adding these URLs to the contentSecurityPolicy.json configuration file, see Configuring URLs for the Content Security Policy.
- As an additional security measure, when using Internet Explorer it is recommended to add the X-Frame-Options security header in the HTTP Response Headers section of your IIS application.
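
One way to check the HTTPS and X-Frame-Options items above against a response from the Clinician Window UI, as an added example that is not part of the original documentation. The function name, the finding labels, and the sample host and headers are constructed for illustration; `ALLOW-FROM` is accepted because Internet Explorer supports it.

```python
from urllib.parse import urlsplit

# Values every browser that honours the header accepts.
FIXED_VALUES = {"DENY", "SAMEORIGIN"}


def audit_ui_response(url, headers):
    """Return a list of finding labels for one response; an empty list is a pass."""
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        findings.append("not-https")

    # Header names are case-insensitive on the wire.
    by_name = {name.lower(): value for name, value in headers.items()}
    raw = by_name.get("x-frame-options")
    if raw is None or not raw.strip():
        findings.append("xfo-missing")
        return findings

    # A header set in both IIS and the application is usually presented by
    # HTTP clients as one comma-joined value, e.g. "SAMEORIGIN, DENY".
    values = {part.strip().upper() for part in raw.split(",") if part.strip()}
    if len(values) > 1:
        findings.append("xfo-conflicting")
        return findings

    value = next(iter(values), "")
    # ALLOW-FROM must carry exactly one origin after the keyword.
    allow_from = value.startswith("ALLOW-FROM ") and len(value.split()) == 2
    if value not in FIXED_VALUES and not allow_from:
        findings.append("xfo-invalid")
    return findings


# Constructed sample responses (placeholder host, not a real deployment).
SAMPLES = [
    ("https://cw.example.test/", {"X-Frame-Options": "SAMEORIGIN"}),
    ("http://cw.example.test/", {"Content-Type": "text/html"}),
    ("https://cw.example.test/", {"x-frame-options": "SAMEORIGIN, DENY"}),
    ("https://cw.example.test/", {"X-Frame-Options": "ALLOWALL"}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, headers, "->", audit_ui_response(url, headers) or "ok")
```

Feed it the URL and response headers captured from your own deployment after changing the IIS HTTP Response Headers setting; a repeated identical value such as `SAMEORIGIN, SAMEORIGIN` passes, while two different values are reported as conflicting.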