According to ImmuniWeb, the only thing standing between the current site configuration and compliance with both NIST and HIPAA is OCSP stapling.
And both LE (our certificate provider) and Hitch (our TLS endpoint) support OCSP stapling, so this is likely to just be a configuration change. In addition, we already need to revisit our Hitch configuration for #19.