| ATNA | ATNA-10 | | Testable |
0
|
2
| | Audit Record Repository actor which claims support of the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction. | 69 | Table 9.1-1 | 5/22/23 2:18:09 PM by testAuto |
|
| ATNA | ATNA-12 | | Testable |
0
|
2
| | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction | 69 | Table 9.1-1 | 6/27/22 4:37:57 PM by testAuto |
|
| ATNA | ATNA-15 | | Testable |
0
|
2
| | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maitain Time [ITI-1] transaction | 72 | Table 9.3-1 | 7/9/24 2:31:02 PM by dgraveto |
|
| ATNA | ATNA-16 | | Testable |
0
|
2
| see previous comment on ITI-19 | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction | 69 | Table 9.1-1 | 6/29/22 11:49:04 AM by testAuto |
|
| ATNA | ATNA-21 | | Testable |
0
|
2
| | The Audit Repository shall support any IHE-specified audit message format, when sent over one of those transport mechanisms. Note that new applications domains may have their own extended vocabularies in addition to the DICOM and IHE vocabularies. This also means that an ATNA Audit Repository is also automatically a Radiology Basic Security Profile Audit Repository because it must support the IHE Provisional Message format and it must support the BSD syslog protocol | 70 | Section 9.1.1.3 | 6/29/22 2:22:50 PM by testAuto |
|
| ATNA | ATNA-3 | | Testable |
0
|
2
| | A Secure Node Actor shall be configurable to support both connection authentication and physically secured networks | 72 | Section 9.4 | 4/30/19 4:13:19 PM by NicolasBailliet |
|
| ATNA | ATNA-4 | | Testable |
0
|
4
| | The mechanism for logging audit record messages to the audit record repository shall be either Transmission of Syslog Messages over UDP (RFC5426) with The Syslog Protocol (RFC5424) which formalizes and obsoletes Syslog (RFC-3164), either 2) Transmission of Syslog Messages over TLS (RFC5425) with The Syslog Protocol (RFC5424) which formalizes sending syslog messages over a streaming protocol protectable by TLS. | 72 | Section 9.3 | 4/30/19 4:13:19 PM by NicolasBailliet |
|
| ATNA | ATNA-6 | | Testable |
0
|
4
| | A means must be provided to upload the required certificates to the implementation, e.g., via floppy disk or file transfer via network. | 72 | Section 9.4 | 4/30/19 4:13:19 PM by NicolasBailliet |
|
| ATNA | ATNA-7 | | Testable |
0
|
2
| I don't know what this assertion means. | When an IHE profile requires a grouping of an actor with either Secure Node or Secure Application, then the ATNA requirements apply to all actors in the implementation. | 72 | Section 9.3.1 | 4/30/19 4:13:19 PM by NicolasBailliet |
|
| ATNA | ATNA-8 | | Testable |
0
|
2
| | When an implementation chooses to support this Integration Profile for an actor, it is required that all IHE actors and any other activities in this implementation support the Audit Trail and Node Authentication Integration Profile. | 72 | Section 9.4 | 4/30/19 4:13:19 PM by NicolasBailliet |
|
| ITI19 | ITI19-10 | reviewed | Testable |
0
|
0
| | The Secure Node or Secure Application shall not reject certificates that contain unknown attributes or other parameters. | 134 | Section 3.19.6.1.3 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-12 | reviewed | Testable |
0
|
0
| | The IHE Technical Framework recommends a maximum expiration time for certificates of 2 years. | 134 | Section 3.19.6.1.3 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-13 | reviewed | Testable |
0
|
0
| | Using a certificate chain back to an external trusted certificate authority to determine authorizations is strongly discouraged. | 134 | Section 3.19.6.1.3 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-16 | reviewed | Testable |
0
|
0
| | For all connections carrying Protected Information (PI), the recommended "well-known port 2762" as specified by DICOM shall be used when the Secure node is configured for use not on a physically secured network. | 135 | Section 3.19.6.2 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-17 | reviewed | Testable |
0
|
0
| | For all connections carrying Protected Information (PI), and when the secure node is configured for use on a physically secured network, a different port number shall be used, preferably the standard port 104. | 135 | Section 3.19.6.2 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-18 | reviewed | Testable |
0
|
0
| | For all connections carrying Protected Information (PI), the port number used when configured for use on a physically secured network shall be different than the port number used when configured for use not on a physically secured network. | 135 | Section 3.19.6.2 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-19 | reviewed | Testable |
0
|
0
| | For all connections carrying Protected Information (PI), if SN/SA is configured for physical security, then it may use the non-TLS DICOM port and protocol. | 135 | Section 3.19.6.2 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-20 | reviewed | Testable |
0
|
0
| | For all web-services carrying Protected Information(PI), a trusted association shall be established between the two nodes utilizing WS-I Basic Security Profile Version 1.1. | 135 | Section 3.19.6.4 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-21 | reviewed | Testable |
0
|
0
| | For SMTP communications, when configured to use email on a network that is not physically secured, implementations shall use S/MIME (RFC-3851). | 135 | Section 3.19.6.5 | 4/30/19 4:50:25 PM by NicolasBailliet |
|
| ITI19 | ITI19-22 | reviewed | Testable |
0
|
0
| | For SMTP communications on a network that is not physically secured, the message shall be signed using the signedData format. | 135 | Section 3.19.6.5 | 4/30/19 4:50:25 PM by NicolasBailliet |
|