Every two minutes Pyrenth checks each control against the running application and updates the list below. No patient health information appears here. The real evidence files a third-party assessor reviews sit behind the assessor sign-in.

| Control | Framework | Status | Detail |
|---|---|---|---|
| HSPD-12-3 | HSPD-12 | Pass | SAML/OIDC federation configured (saml=placeholder/unset, oidc=login.gov, cognito_saml_broker=false, cognito_idps=unset); PIV-capable IdP can broker authentication |
| FIPS-201-3-4.3.1 | HSPD-12 | Pass | CHUID parser enabled in SSO callback handler |
| FIPS-201-3-6 | HSPD-12 | Pass | 3-factor authentication enforced (smart-card + PIN + biometric) or dev mode |
| FIPS-201-3-6.2 | HSPD-12 | Pass | Federal PKI trust anchor bundle present at certs/fpki/federal-common-policy-ca-g2.pem; PIV cert chain validatable to Federal Common Policy CA |
| HSPD-12-4 | HSPD-12 | Pass | PIV CRL/OCSP check enabled on every authentication |
| PIV-I | HSPD-12 | Not applicable | No PIV-I partners configured yet (acceptable until VA EHR integration goes live) |