Coalfire is a third-party auditor that you can rely on for EPCS assessment and certification. The rigorous standards outlined by the DEA can be difficult to navigate. Coalfire’s application security process educates client organizations about federal requirements that must be met while on the path to compliance before the application is put to use. The CISA lead team also conducts a gap analysis to identify areas where the application is deficient with remediation items, and finally the assessment and certification of the application.
Some items that will have to be assessed include access controls such as which two-factor authentication (2fa) vendors (FIPS 140-2 validated) are approved by the DEA for use in the application, identify proofing services, evidence management throughout the process, the overall system confidentiality and integrity, and we recommend the physical security around the application.
Coalfire is a leading application assessment auditor for electronic prescription applications, electronic medical record providers and payment applications.