Merge pull request #297 from pmechineniesac/FHIR-44743

TLS 1.1 deprecated to BCP195

input/pages/index.md

@@ -127,7 +127,7 @@ the [FHIR Implementer's Safety Check List]({{site.data.fhir.path}}safety.html#7.
 considerations relate to any FHIR implementation, including authentication, authorization, access control
 consistent with patient consent, transaction logging, and following best practices. QI-Core security conformance rules are as follows:
 
--  Systems **SHOULD** use TLS version 1.1 or higher with bi-directional certificate validation for all transmissions not taking place over a secure network connection.
+-  Systems **SHOULD** refer to BCP195 to ensure transmissions are taking place over a secure network connection.
 -  Systems **SHOULD** use OAuth or an equivalent mechanism to provide necessary authentication (user or system-level).
 -  Systems **SHOULD** use either IHE's ATNA standard for audit logging or an equivalent using the AuditEvent resource.