AssertionManagerGui

Id scheme	Assertion id	Status	Testable?	#Coverage	#Applies to	Comment	Predicate	Page	Tags	Last changed
1 2
ATNA	ATNA-1		Testable	3	4	I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit.	The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.dedede	72	Section 9.4	7/9/24 2:44:36 PM by dgraveto
ATNA	ATNA-11		Testable	3	2	Are we going to duplicate the assertions for SN or SA, or just link these assertions to both actors. I think we should link to both.	Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction	69	Table 9.1-1	3/18/24 7:40:36 AM by testAuto
ATNA	ATNA-13		Testable	1	2	This is a grouping requirement. ITI-1 is not required by the ATNA profile. > According to 2nd Review group, the TF is the reference.	Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall perform the Maintain Time [ITI-1] transaction	72	Table 9.3-1	5/22/23 5:01:36 PM by testAuto
ATNA	ATNA-14		Testable	2	2	I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion.	Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction	69	Table 9.1-1	8/26/19 5:25:26 PM by ceoche
ATNA	ATNA-17		Testable	1	2		The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information.	69	Table 9.1-1	8/26/19 5:25:26 PM by ceoche
ATNA	ATNA-18		Testable	4	2		The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users.	69	Section 9.1.1.1	3/15/24 2:32:26 PM by testAuto
ATNA	ATNA-19		Testable	1	2	I think this is redundant with assertion ATNA-12	The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.20	69	Section 9.1.1.1	7/11/19 7:02:45 PM by ceoche
ATNA	ATNA-2		Testable	2	3	probably not a testable assertion	Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .	69	Section 9.1.1	3/8/24 9:20:47 AM by vhofman
ATNA	ATNA-20		Testable	1	2		The Audit Repository shall support both audit transport mechanisms	70	Section 9.1.1.3	7/9/24 2:28:45 PM by dgraveto
ATNA	ATNA-23		Testable	1	2		Secure Node actor may support the Radiology Audit Trail option	71	Table 9.2-1	6/29/22 2:30:45 PM by testAuto
ATNA	ATNA-24		Testable	1	2		Secure Application actors may support the Radiology Audit Trail option	71	Table 9.2-1	5/23/23 9:33:12 AM by testAuto
ATNA	ATNA-25		Testable	1	1		Actors in the IHE Radiology domain Profiles which claim support of the Audit Trail and Node Authentication (ATNA) integration profile are required to implement the Radiology Audit Trail option.	83	Section 9.5.2	5/23/23 9:31:52 AM by testAuto
ATNA	ATNA-9		Testable	2	2		When an implementation chooses to support this Integration Profile for an actor, non-IHE applications that process PHI shall detect and report auditable events, and protect access.	72	Section 9.4	7/11/19 7:25:04 PM by ceoche
CH-ATNA	CH-ATNA-005	validated	Testable	7	1		In audit records generated by IHE and EPR actors, the OID of the audit source MUST be specified in AuditSourceIdentification/@AuditEnterpriseSiteID attribute	8	Section 1.5	7/9/24 2:30:12 PM by dgraveto
CH-ATNA	CH-ATNA-007	validated	Testable	7	1		For audit records generated by IHE and EPR actors, In the "AuditMessage/ParticipantObjectIdentification" node, for the value of the "@ParticipantObjectSensitivity" field, the current confidentiality code of the object MUST be specified IF KNOWN when the object is a document in the EPR. This value MUST represent a value from the Swiss Metadata Value Set, the attribute @codeSystemName (2.16.756.5.30.1.127.3.10.6). The following sequences are required OID as the code system name, e.g 1051000195109^normal^2.16.840.1.113883.6.96	8	Section 1.5	7/9/24 2:30:14 PM by dgraveto
ITI19	ITI19-1	reviewed	Testable	2	0		When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform certificate validation based on signature by a trusted CA.	133	Section 3.19.6.1	3/8/24 9:20:47 AM by vhofman
ITI19	ITI19-11	reviewed	Testable	1	0		The certificates used for mutual authentication shall be X509 certificates based on RSA key with key length in the range of 1024-4096.	134	Section 3.19.6.1.3	7/11/19 7:33:08 PM by ceoche
ITI19	ITI19-14	reviewed	Testable	1	0		For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall use the TLS protocol.	135	Section 3.19.6.2	8/26/19 5:25:26 PM by ceoche
ITI19	ITI19-15	reviewed	Testable	1	0		For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall support TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite.	135	Section 3.19.6.2	8/26/19 5:25:26 PM by ceoche
ITI19	ITI19-2	reviewed	Testable	1	0		When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform direct certificate validation to a set of trusted certificates.	133	Section 3.19.6.1	8/26/19 5:25:26 PM by ceoche

Testable

I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit.

The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.dedede

72

Section 9.4

7/9/24 2:44:36 PM by dgraveto

ATNA

ATNA-11

Testable

3

2

Are we going to duplicate the assertions for SN or SA, or just link these assertions to both actors. I think we should link to both.

Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction

69

Table 9.1-1

3/18/24 7:40:36 AM by testAuto

ATNA

ATNA-13

Testable

1

2

This is a grouping requirement. ITI-1 is not required by the ATNA profile. > According to 2nd Review group, the TF is the reference.

Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall perform the Maintain Time [ITI-1] transaction

72

Table 9.3-1

5/22/23 5:01:36 PM by testAuto

ATNA

ATNA-14

Testable

2

I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion.

Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction

69

Table 9.1-1

8/26/19 5:25:26 PM by ceoche

ATNA

ATNA-17

Testable

1

2

The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information.

69

Table 9.1-1

8/26/19 5:25:26 PM by ceoche

ATNA

ATNA-18

Testable

4

2

The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users.

69

Section 9.1.1.1

3/15/24 2:32:26 PM by testAuto

ATNA

ATNA-19

Testable

1

2

I think this is redundant with assertion ATNA-12

The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.20

69

Section 9.1.1.1

7/11/19 7:02:45 PM by ceoche

ATNA

ATNA-2

Testable

2

3

probably not a testable assertion

Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .

69

Section 9.1.1

3/8/24 9:20:47 AM by vhofman

ATNA

ATNA-20

Testable

1

2

The Audit Repository shall support both audit transport mechanisms

70

Section 9.1.1.3

7/9/24 2:28:45 PM by dgraveto

ATNA

ATNA-23

Testable

1

2

Secure Node actor may support the Radiology Audit Trail option

71

Table 9.2-1

6/29/22 2:30:45 PM by testAuto

ATNA

ATNA-24

Testable

1

2

Secure Application actors may support the Radiology Audit Trail option

71

Table 9.2-1

5/23/23 9:33:12 AM by testAuto

ATNA

ATNA-25

Testable

1

Actors in the IHE Radiology domain Profiles which claim support of the Audit Trail and Node Authentication (ATNA) integration profile are required to implement the Radiology Audit Trail option.

83

Section 9.5.2

5/23/23 9:31:52 AM by testAuto

ATNA

ATNA-9

Testable

2

When an implementation chooses to support this Integration Profile for an actor, non-IHE applications that process PHI shall detect and report auditable events, and protect access.

72

Section 9.4

7/11/19 7:25:04 PM by ceoche

CH-ATNA

CH-ATNA-005

validated

Testable

7

1

In audit records generated by IHE and EPR actors, the OID of the audit source MUST be specified in AuditSourceIdentification/@AuditEnterpriseSiteID attribute

8

Section 1.5

7/9/24 2:30:12 PM by dgraveto

CH-ATNA

CH-ATNA-007

validated

Testable

7

1

For audit records generated by IHE and EPR actors, In the "AuditMessage/ParticipantObjectIdentification" node, for the value of the "@ParticipantObjectSensitivity" field, the current confidentiality code of the object MUST be specified IF KNOWN when the object is a document in the EPR. This value MUST represent a value from the Swiss Metadata Value Set, the attribute @codeSystemName (2.16.756.5.30.1.127.3.10.6). The following sequences are required OID as the code system name, e.g 1051000195109^normal^2.16.840.1.113883.6.96

8

Section 1.5

7/9/24 2:30:14 PM by dgraveto

ITI19

ITI19-1

reviewed

Testable

2

0

When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform certificate validation based on signature by a trusted CA.

133

Section 3.19.6.1

3/8/24 9:20:47 AM by vhofman

ITI19

ITI19-11

reviewed

Testable

1

0

The certificates used for mutual authentication shall be X509 certificates based on RSA key with key length in the range of 1024-4096.

134

Section 3.19.6.1.3

7/11/19 7:33:08 PM by ceoche

ITI19

ITI19-14

reviewed

Testable

1

0

For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall use the TLS protocol.

135

Section 3.19.6.2

8/26/19 5:25:26 PM by ceoche

ITI19

ITI19-15

reviewed

Testable

1

0

For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall support TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite.

135

Section 3.19.6.2

8/26/19 5:25:26 PM by ceoche

ITI19

ITI19-2

reviewed

Testable

1

0

When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform direct certificate validation to a set of trusted certificates.

133

Section 3.19.6.1

8/26/19 5:25:26 PM by ceoche

Search Criteria : 28 assertions found for this search Review filtered assertions

Assertion

Applies to

Coverage