net.ihe.gazelle.assets.SearchCriteria : 24 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
ATNAATNA-1to be reviewedTestable 0 4 I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction.The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.77Section 9.48/28/18 9:57:55 AM by meenal
ATNAATNA-10reviewedTestable 0 2 Audit Record Repository actor which claims support of the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction.74Table 9.1-18/28/18 9:57:56 AM by meenal
ATNAATNA-11reviewedTestable 0 2 Are we going to duplicate the assertions for SN or SA, or just link these assertions to both actors. I think we should link to both.Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction74Table 9.1-18/28/18 9:57:57 AM by meenal
ATNAATNA-12reviewedTestable 0 2 Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction74Table 9.1-18/28/18 9:57:59 AM by meenal
ATNAATNA-13to deleteTestable 0 2 This is a grouping requirement. ITI-1 is not required by the ATNA profileSecure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall perform the Maintain Time [ITI-1] transaction74Table 9.4-12/24/15 5:36:05 PM by jlabbe
ATNAATNA-14to deleteTestable 0 2 I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI.Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction74Table 9.4-12/24/15 5:36:05 PM by jlabbe
ATNAATNA-15to deleteTestable 0 2 Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maitain Time [ITI-1] transaction74Table 9.4-12/24/15 5:36:05 PM by jlabbe
ATNAATNA-16to be reviewedTestable 0 2 see previous comment on ITI-19Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction74Table 9.1-18/28/18 9:58:03 AM by meenal
ATNAATNA-17reviewedTestable 0 2 The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information. 77Section 9.1-18/28/18 9:58:04 AM by meenal
ATNAATNA-18reviewedTestable 0 2 The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users. 77Section 9.48/28/18 9:58:05 AM by meenal
ATNAATNA-19to deleteTestable 0 2 I think this is redundant with assertion ATNA-12The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.2077Section 9.48/28/18 9:58:07 AM by meenal
ATNAATNA-2reviewedTestable 0 3 probably not a testable assertionSecure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .76Section 9.1.23/24/16 12:37:27 PM by jlabbe
ATNAATNA-20to be reviewedTestable 0 2 The Audit Repository shall support both audit transport mechanisms 77Section 9.48/28/18 9:58:09 AM by meenal
ATNAATNA-21to be reviewedTestable 0 2 The Audit Repository shall support any IHE-specified audit message format, when sent over one of those transport mechanisms. Note that new applications domains may have their own extended vocabularies in addition to the DICOM and IHE vocabularies. This also means that an ATNA Audit Repository is also automatically a Radiology Basic Security Profile Audit Repository because it must support the IHE Provisional Message format and it must support the BSD syslog protocol77Section 9.48/28/18 9:58:10 AM by meenal
ATNAATNA-22to be reviewedTestable 0 2 The Audit Repository shall support self protections and user access controls77Section 9.48/28/18 9:58:11 AM by meenal
ATNAATNA-23to be reviewedTestable 0 2 Secure Node actor may support the Radiology Audit Trail option75Table 9.5-12/24/15 5:36:05 PM by jlabbe
ATNAATNA-24to be reviewedTestable 0 2 Secure Application actors may support the Radiology Audit Trail option75Table 9.5-12/24/15 5:36:05 PM by jlabbe
ATNAATNA-25to be reviewedTestable 0 1 Actors in the IHE Radiology domain Profiles which claim support of the Audit Trail and Node Authentication (ATNA) integration profile are required to implement the Radiology Audit Trail option.76Section 9.5.22/24/15 5:36:05 PM by jlabbe
ATNAATNA-3to be reviewedTestable 0 2 A Secure Node Actor shall be configurable to support both connection authentication and physically secured networks 77Section 9.48/28/18 9:58:15 AM by meenal
ATNAATNA-4reviewedTestable 0 4 The mechanism for logging audit record messages to the audit record repository shall be either Transmission of Syslog Messages over UDP (RFC5426) with The Syslog Protocol (RFC5424) which formalizes and obsoletes Syslog (RFC-3164), either 2) Transmission of Syslog Messages over TLS (RFC5425) with The Syslog Protocol (RFC5424) which formalizes sending syslog messages over a streaming protocol protectable by TLS.77Section 9.38/28/18 9:58:16 AM by meenal