siteSecurityInfo file
In earlier CIS versions, any user could turn SMAT, error, or internal database encryption on or off in the IDE's Site Preferences dialog box. This defeats HIPAA/security control when you are hosting in the Cloud.
In CIS, only the administrator can turn on/off encryption in the ST Cloud.
These options are located on the Server Administration GUI. On this GUI, the administrator can choose to switch to SMAT, error, or internal database encryption for a site. The corresponding site configuration information is saved in the site/siteInfo file.
There is no option for users to switch between SMAT, error, or internal database encryption on the Site Preferences dialog box.
Disk encryption, which cannot be switched to "on" or "off" by users, satisfies the HIPAA compliance regulations. SMAT database encryption is another level of encrypted data that adds additional security beyond the HIPAA requirements.
For Cloverleaf Cloud, SMAT database encryption is restricted and enforced at the admin level. This is not a user option. This also applies to the error and internal databases.
With this level of security, for users who create a site, the SMAT/error/internal databases are saved into an encrypted database. There is no option for users to choose not to save into the encrypted database.
siteSecurityInfo
In earlier CIS versions, the internal, error, and SMAT database encryption settings were stored in siteInfo. For security reasons, these settings are now stored in the $HCISITEDIR/siteSecurityInfo file.
The database encryption settings are configurable only on the Server Administration dialog box.
For hciengine and hcimonitord, if there is no siteSecurityInfo file in the current site, or a required file item is missing, then the default values are used to access the databases. In this case, each database is processed as encrypted, using the default password.
For the database-related tools, if there is no siteSecurityInfo file in the current site, the tools exit with errors. If the required items are not found, then the default values are used.
Key names in the siteSecurityInfo file are case insensitive.
The database-related tools include:
- hcidbinit
- hcidbcrypt
- hcidbcheck
- hcidbdefrag
- hcidbconvert
- hcidbdump
- hcidbsetvers
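Because hciengine and hcimonitord fall back to the default password when siteSecurityInfo is absent, a site can run without the file and nothing fails visibly. The following audit script is an added example, not part of the product. It assumes a Unix host and that every site is a directory under one root that contains a siteInfo file. The function names and the check for write permission are the example's own.

```shell
#!/bin/sh
# Added example: audit sites for the state of their siteSecurityInfo file.
# Assumption: a site is any directory directly under the root that holds a
# siteInfo file. Function names are hypothetical.

# check_site DIR
# Prints one of:
#   ok                  file exists and only its owner can write it
#   missing             no file: engine and monitor daemon use default values
#   writable-by-others  file exists but group or other can modify it
check_site() {
    f="$1/siteSecurityInfo"
    if [ ! -f "$f" ]; then
        echo missing
        return 0
    fi
    # POSIX find: match when the group-write or other-write bit is set.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo writable-by-others
        return 0
    fi
    echo ok
}

# audit_root ROOT
# Prints "site<TAB>status" for each site; returns 1 if any site is not ok.
audit_root() {
    rc=0
    for d in "$1"/*/; do
        [ -f "${d}siteInfo" ] || continue      # skip non-site directories
        s=$(check_site "${d%/}")
        printf '%s\t%s\n' "$(basename "$d")" "$s"
        [ "$s" = ok ] || rc=1
    done
    return $rc
}

# Typical call (the root path is site-specific):
#   audit_root "/path/to/site/root"
```

A `missing` result means the database-related tools will exit with errors for that site while the engine keeps running on defaults.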
Affected files are:
- bin/hciengine(.exe)
- bin/hcimonitord(.exe)
- clgui/lib/DBSearchInterface.jar
- bin/hcidbcheck(.bat)
- bin/hcidbconvert(.bat)
- bin/hcidbcrypt(.bat)
- bin/hcidbdefrag(.bat)
- bin/hcidbdump(.exe)
- bin/hcidbinit(.bat)
- bin/hcidbsetvers(.exe)
- bin/hcismatcycle(.bat)
- bin/hcismatconvert(.bat)
- bin/hcismatcrypt(.bat)
- bin/hcisiteinit(.bat)
- bin/hcicreatesite(.bat)
- bin/hcitcl(.exe)
- bin/hcirootcopy(.bat)