1. Network Communication Specifications

Network Configuration Section:

Network Ports and Services

The following table lists all network communication ports used by the SkeletonPlanner. Only these ports should be allowed through firewalls. All other ports should be blocked.

PortProtocolDirectionPurposeSecurity Features
443TCPInbound/OutboundHTTPS web interface accessTLS 1.2 or higher required, certificate-based authentication

 

2. Infrastructure and Integration Requirements

System Requirements Section:

Network Infrastructure Requirements

For proper security functionality, the SkeletonPlanner requires:

  • Network Bandwidth: Minimum 10 Mbps dedicated bandwidth
  • Latency: Maximum 100ms round-trip time to EMR systems
  • Protocols Supported:
    • IPv4 (IPv6 ready)
    • TCP/IP
    • HTTPS/TLS 1.2 and 1.3

Encryption Capabilities

The device supports the following encryption standards:

  • Data at Rest: AES-256 encryption for stored patient data
  • Data in Transit: TLS 1.2 minimum (1.3 preferred) with the following cipher suites:
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Certificate Management: The device uses X.509 certificates for authentication. Hospital IT must:

  1. Install hospital-issued certificates before deployment
  2. Update certificates before expiration
  3. Maintain certificate revocation lists (CRL)

3. Software Bill of Materials (SBOM)

For Technical Manual – Appendix:

Accessing the Software Bill of Materials

A complete Software Bill of Materials (SBOM) is available for vulnerability management and asset tracking. The SBOM lists all software components, versions, and known vulnerabilities.

To access the current SBOM:

  • Send an email to security@presurgeo.com
  • you’ll receive a link to access to SBOM
  • Download SBOM in SPDX or CycloneDX format (machine-readable)

 

4. Software Updates and Patch Management

Maintenance Section:

Security Updates and Patches

Regular security updates are essential for maintaining device security. Presurgeo provides security updates according to the following schedule:

Update Types:

  • Critical Security Updates: Released within 60 days of vulnerability discovery
  • Routine Security Updates: Released quarterly
  • Feature Updates: Released annually (may include security enhancements)

Update Notifications: every customer is automatically registered to receive security updates notifications.

 

5. Security Event Detection and Response

Troubleshooting Section:

Security Alerts and Indicators

The SkeletonPlanner monitors for security events and provides the following alerts:

Security Events Monitored:

  • Failed login attempts (>3 attempts triggers account lockout)
  • Unauthorized configuration changes
  • Network anomalies or suspicious traffic
  • Certificate expiration warnings

When Security Alerts Occur:

If you see a security alert:

  1. Note the exact alert message and time
  2. Check the security log for details
  3. Contact IT security team immediately
  4. Document the incident per hospital procedures

Security Logging: The device maintains security logs for 90 days, including:

  • User login/logout events
  • Configuration changes
  • Security alerts and responses
  • System errors potentially related to security
  • Data access audit trail

Logs can be exported in CSV or SYSLOG format for SIEM integration.

6. Vulnerability Disclosure and Security Contact

Support Section:

Coordinated Vulnerability Disclosure

Presurgeo maintains a coordinated vulnerability disclosure program. To report security vulnerabilities:

Security Contact Information:

  • Email: security@presurgeo.com

Our Commitment:

  • Acknowledge receipt within 7 business days
  • Provide regular updates on remediation progress
  • Credit researchers (with permission) in security advisories
  • No legal action against good faith security research

Security Advisories: Published at: https://presurgeo.com/security/advisories

7. Quick Reference Security Guide

SkeletonPlanner Security Quick Reference

Daily Security Checks:

  •  Verify secure connection established
  •  Check for security alerts on main screen

Security Incident Response:

  1. Alert → Contact IT immediately
  2. Document: Alert type, time, actions taken

Important Security Contacts:

  • Hospital IT Security
  • Presurgeo Security: security@presurgeo.com
  • Device Serial

Password Requirements:

  • Minimum 8 characters, maximum 64 characters
  • Include uppercase, lowercase, numbers, symbols