
Integration Profile: Audit Trail and Node Authentication

Integration Profile Information

Id: 48

Keyword: ATNA

Name: Audit Trail and Node Authentication

Description: https://profiles.ihe.net/ITI/TF/Volume1/ch-9.html The ITI Audit Trail and Node Authentication (ATNA) Profile establishes the characteristics of a Basic Secure Node: It describes the security environment (user identification, authentication, authorization, access control, etc.) assumed for the node so that security reviewers may decide whether this matches their environments. It defines basic security requirements for the communications of the node using TLS or equivalent functionality. It defines basic auditing requirements for the node. The profile also establishes the characteristics of the communication of audit messages between the Basic Secure Nodes and Audit Repository nodes that collect audit information.

Status: Final Text

Document section:

None

| Id | Keyword | Name | Description |
|---|---|---|---|
| 1 | ARR | Audit Record Repository | A system unit that receives and collects audit records from multiple systems. |
| 10 | SN | Secure Node | A system unit that validates the identity of any user and of any other node, and determines whether or not access to the system for this user and information exchange with the other node is allowed. Maintains the correct time. |
| 86 | SA | Secure Application | The difference between the Secure Node and the Secure Application is the extent to which the underlying operating system and other environment are secured. A Secure Node includes all aspects of user authentication, file system protections, and operating environment security. The Secure Application is a product that does not include the operating environment. The Secure Application provides security features only for the application features. See section 9.7 for the relationships among a Secure Node, Secure Application, and other actors. |
| 1313 | AUDIT_CONSUMER | Audit Consumer | Consumes audit log messages. |
| 1322 | AUDIT_RECORD_FORWARDER | Audit Record Forwarder | This actor filters audit records that have been received and forwards selected audit records to an Audit Record Repository. Added to the ATNA profile in Sept 2015 in CP-ITI-872. |

| Id | Actor | Integration profile option | Assertions |
|---|---|---|---|
| 182 | SN - Secure Node | RAD_AUDIT_TRAIL_OPTION - Radiology Audit Trail | 0 |
| 249 | SN - Secure Node | DEPRECATED: ATNA_ENCRYPTION - DEPRECATED ATNA Encryption | 0 |
| 250 | SA - Secure Application | DEPRECATED: ATNA_ENCRYPTION - DEPRECATED ATNA Encryption | 0 |
| 655 | SN - Secure Node | NONE - None | 12 |
| 656 | ARR - Audit Record Repository | NONE - None | 10 |
| 868 | SA - Secure Application | NONE - None | 8 |
| 1776 | SA - Secure Application | RAD_AUDIT_TRAIL_OPTION - Radiology Audit Trail | 0 |
| 2493 | AUDIT_CONSUMER - Audit Consumer | NONE - None | 0 |
| 2494 | ARR - Audit Record Repository | RETRIEVE_AUDIT_MSG - Retrieve Audit Message | 0 |
| 2495 | AUDIT_CONSUMER - Audit Consumer | RETRIEVE_AUDIT_MSG - Retrieve Audit Message | 0 |
| 2496 | ARR - Audit Record Repository | RETRIEVE_SYSLOG_MSG - Retrieve Syslog Message | 0 |
| 2497 | AUDIT_CONSUMER - Audit Consumer | RETRIEVE_SYSLOG_MSG - Retrieve Syslog Message | 0 |
| 2621 | AUDIT_RECORD_FORWARDER - Audit Record Forwarder | NONE - None | 0 |
| 3047 | SA - Secure Application | DEPRECATED:BCP195_TLS_1.2_FLOOR - BCP195 TLS Secure Transport Connection - TLS 1.2 Floor | 0 |
| 3048 | SA - Secure Application | DEPRECATED:BCP195_TLS_ALL_VERSIONS - BCP195 TLS Secure Transport Connection - All TLS Versions | 0 |
| 3049 | SN - Secure Node | DEPRECATED:BCP195_TLS_1.2_FLOOR - BCP195 TLS Secure Transport Connection - TLS 1.2 Floor | 0 |
| 3050 | SN - Secure Node | DEPRECATED:BCP195_TLS_ALL_VERSIONS - BCP195 TLS Secure Transport Connection - All TLS Versions | 0 |
| 3051 | SA - Secure Application | FQDN_VALIDATION_OF_SERVER_CERT - FQDN Validation of Server Certificate | 0 |
| 3052 | SN - Secure Node | FQDN_VALIDATION_OF_SERVER_CERT - FQDN Validation of Server Certificate | 0 |
| 3093 | ARR - Audit Record Repository | ATX_TLS_SYSLOG - ATX: TLS Syslog | 0 |
| 3094 | ARR - Audit Record Repository | ATX_UDP_SYSLOG - ATX: UDP Syslog | 0 |
| 3095 | AUDIT_RECORD_FORWARDER - Audit Record Forwarder | ATX_TLS_SYSLOG - ATX: TLS Syslog | 0 |
| 3096 | AUDIT_RECORD_FORWARDER - Audit Record Forwarder | ATX_UDP_SYSLOG - ATX: UDP Syslog | 0 |
| 3097 | SA - Secure Application | ATX_TLS_SYSLOG - ATX: TLS Syslog | 0 |
| 3098 | SA - Secure Application | ATX_UDP_SYSLOG - ATX: UDP Syslog | 0 |
| 3099 | SN - Secure Node | ATX_TLS_SYSLOG - ATX: TLS Syslog | 0 |
| 3100 | SN - Secure Node | ATX_UDP_SYSLOG - ATX: UDP Syslog | 0 |
| 3101 | ARR - Audit Record Repository | ATX_FHIR_FEED - ATX: FHIR FEED | 0 |
| 3102 | AUDIT_RECORD_FORWARDER - Audit Record Forwarder | ATX_FHIR_FEED - ATX: FHIR FEED | 0 |
| 3103 | SA - Secure Application | ATX_FHIR_FEED - ATX: FHIR FEED | 0 |
| 3104 | SN - Secure Node | ATX_FHIR_FEED - ATX: FHIR FEED | 0 |
| 3116 | SA - Secure Application | STX_NO_SECURE_TRANSPORT - STX: No Secure Transport | 0 |
| 3117 | SA - Secure Application | STX_SMIME - STX:S/MIME | 0 |
| 3118 | SA - Secure Application | DEPRECATED:STX_TLS1.0_FLOOR_AES - DEPRECATED:STX:TLS 1.0 Floor with AES | 0 |
| 3119 | SA - Secure Application | DEPRECATED:STX_TLS1.0_FLOOR_BCP195 - DEPRECATED: STX:TLS 1.0 Floor using BCP195 | 0 |
| 3120 | SA - Secure Application | STX_TLS1.2_FLOOR_BCP195 - STX:TLS 1.2 Floor using BCP195 | 0 |
| 3121 | SA - Secure Application | STX_WS-SECURITY - STX:WS-Security | 0 |
| 3122 | SN - Secure Node | STX_NO_SECURE_TRANSPORT - STX: No Secure Transport | 0 |
| 3123 | SN - Secure Node | STX_SMIME - STX:S/MIME | 0 |
| 3124 | SN - Secure Node | DEPRECATED:STX_TLS1.0_FLOOR_AES - DEPRECATED:STX:TLS 1.0 Floor with AES | 0 |
| 3125 | SN - Secure Node | DEPRECATED:STX_TLS1.0_FLOOR_BCP195 - DEPRECATED: STX:TLS 1.0 Floor using BCP195 | 0 |
| 3126 | SN - Secure Node | STX_TLS1.2_FLOOR_BCP195 - STX:TLS 1.2 Floor using BCP195 | 0 |
| 3127 | SN - Secure Node | STX_WS-SECURITY - STX:WS-Security | 0 |
| 3250 | SA - Secure Application | STX_HTTPS_IUA - STX: HTTPS IUA | 0 |
| 3251 | SN - Secure Node | STX_HTTPS_IUA - STX: HTTPS IUA | 0 |

| Assertion Id | Description |
|---|---|
| ATNA-1 | The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node. |
| ATNA-10 | Audit Record Repository actor which claims support of the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction. |
| ATNA-11 | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction. |
| ATNA-12 | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction. |
| ATNA-13 | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall perform the Maintain Time [ITI-1] transaction. |
| ATNA-14 | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction. |
| ATNA-15 | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maintain Time [ITI-1] transaction. |
| ATNA-16 | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction. |
| ATNA-17 | The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information. |
| ATNA-18 | The Secure Node Actor shall ensure all local user activity (login, logout, etc.) is protected to ensure only authorized users. |
| ATNA-19 | The Secure Node Actor shall include the Record Audit Event as specified in ITI TF-2a: 3.20. |
| ATNA-2 | Secure Nodes shall either prohibit, or be designed and verified to prevent, access to PHI whenever connections are not bi-directionally node-authenticated. |
| ATNA-20 | The Audit Repository shall support both audit transport mechanisms. |
| ATNA-21 | The Audit Repository shall support any IHE-specified audit message format, when sent over one of those transport mechanisms. Note that new application domains may have their own extended vocabularies in addition to the DICOM and IHE vocabularies. This also means that an ATNA Audit Repository is also automatically a Radiology Basic Security Profile Audit Repository because it must support the IHE Provisional Message format and it must support the BSD syslog protocol. |
| ATNA-22 | The Audit Repository shall support self protections and user access controls. |
| ATNA-23 | Secure Node actor may support the Radiology Audit Trail option. |
| ATNA-24 | Secure Application actors may support the Radiology Audit Trail option. |
| ATNA-25 | Actors in the IHE Radiology domain Profiles which claim support of the Audit Trail and Node Authentication (ATNA) integration profile are required to implement the Radiology Audit Trail option. |
| ATNA-3 | A Secure Node Actor shall be configurable to support both connection authentication and physically secured networks. |
| ATNA-4 | The mechanism for logging audit record messages to the audit record repository shall be either 1) Transmission of Syslog Messages over UDP (RFC5426) with The Syslog Protocol (RFC5424), which formalizes and obsoletes Syslog (RFC-3164), or 2) Transmission of Syslog Messages over TLS (RFC5425) with The Syslog Protocol (RFC5424), which formalizes sending syslog messages over a streaming protocol protectable by TLS. |

Domain

| Id | Keyword | Name | Description |
|---|---|---|---|
| 2 | ITI | IT-Infrastructure | The IT Infrastructure Domain supplies infrastructure for sharing healthcare information. An infrastructure interoperability component represents a common IT function that is used as a building block for a variety of use cases... a necessary ingredient, but rarely visible to the end user!! These components may be embedded in an application, but are often deployed as a shared resource within a RHIO or Health Information Exchange. |
    Copyright IHE 2024
  • Gazelle Master Model 8.0.0