Washington Department of Labor Security Implementation

This document is a technical report detailing the security implementation processes undertaken by the Washington Department of Labor & Industries. It outlines the challenges faced due to the separate security measures applied to various applications within the department, which led to redundancy and inconsistencies in law and policy application. The report describes an initial project phase termed 'exegesis,' which involved a comprehensive review of applicable laws, regulations, and internal policies related to data security. The analysis revealed nuanced distinctions, particularly concerning patient rights under laws like HIPAA. Subsequently, a set of compliance rules was developed to accommodate a significant increase in user base from 3,000 to 3,000,000. The report also discusses the limitations encountered with existing security software vendors regarding authentication and authorization, leading to the design of a custom shared security service that has been operational for over five years, with ongoing retrofitting of existing systems.