Hi all, I might be working with a small entity that is being funded by NASA. I have worked with companies that have to follow HIPAA before, so I'm no stranger to mandated security requirements. However, I can't find anything that will allow me to parse the Federal IT Security Regulation requirements. Does anybody have experience with those and could maybe give me a down and dirty outline where I can do further research to make sure that the database that I'm building can stay compliant? I don't need to pass any security clearances, but I do need to stay compliant.
Here's what I'd like to use.
OwnCloud
Onsite development environment behind a dedicated Linux firewall
A static IP that's not tied to a public DNS
Server running CentOS with only one admin account
Backup between remote servers over SFTP
Verizon Enterprise FIOS
What pitfalls should I be looking out for?
Thanks in advance, guys!