net.ihe.gazelle.assets.SearchCriteria : 21 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
ATNAATNA-1Testable 1 4 I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit.The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.72Section 9.48/26/19 5:25:26 PM by ceoche
ATNAATNA-11Testable 2 2 Are we going to duplicate the assertions for SN or SA, or just link these assertions to both actors. I think we should link to both.Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction69Table 9.1-17/11/19 7:28:57 PM by ceoche
ATNAATNA-14Testable 2 2 I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion.Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction69Table 9.1-18/26/19 5:25:26 PM by ceoche
ATNAATNA-17Testable 1 2 The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information. 69Table 9.1-18/26/19 5:25:26 PM by ceoche
ATNAATNA-18Testable 3 2 The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users. 69Section 9.1.1.18/26/19 5:25:26 PM by ceoche
ATNAATNA-19Testable 1 2 I think this is redundant with assertion ATNA-12The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.2069Section 9.1.1.17/11/19 7:02:45 PM by ceoche
ATNAATNA-2Testable 1 3 probably not a testable assertionSecure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .69Section 9.1.18/26/19 5:25:26 PM by ceoche
ATNAATNA-9Testable 2 2 When an implementation chooses to support this Integration Profile for an actor, non-IHE applications that process PHI shall detect and report auditable events, and protect access.72Section 9.47/11/19 7:25:04 PM by ceoche
ITI19ITI19-1reviewedTestable 2 0 When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform certificate validation based on signature by a trusted CA.133Section 3.19.6.18/26/19 5:25:26 PM by ceoche
ITI19ITI19-11reviewedTestable 1 0 The certificates used for mutual authentication shall be X509 certificates based on RSA key with key length in the range of 1024-4096.134Section 3.19.6.1.37/11/19 7:33:08 PM by ceoche
ITI19ITI19-14reviewedTestable 1 0 For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall use the TLS protocol.135Section 3.19.6.28/26/19 5:25:26 PM by ceoche
ITI19ITI19-15reviewedTestable 1 0 For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall support TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite.135Section 3.19.6.28/26/19 5:25:26 PM by ceoche
ITI19ITI19-2reviewedTestable 1 0 When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform direct certificate validation to a set of trusted certificates.133Section 3.19.6.18/26/19 5:25:26 PM by ceoche
ITI19ITI19-3reviewedTestable 1 0 The Secure Node or Secure Application shall provide the means for configuring which CAs are trusted to authenticate node certificates for use in a chain of trust. These CAs shall be identified by means of the public signing certificate for the signing CA.134Section 3.19.6.1.18/26/19 5:25:26 PM by ceoche
ITI19ITI19-32reviewedTestable 1 0 The Secure Node starts the local authentication process with a User when the User wants to log on to the node.136Section 3.19.77/11/19 7:39:16 PM by ceoche
ITI19ITI19-33reviewedTestable 1 0 The secure node shall not allow access to PHI to an operator who has not successfully completed the local user authentication.136Section 3.19.77/11/19 7:39:24 PM by ceoche
ITI19ITI19-34reviewedTestable 1 0 The User shall log in using his or her own unique individually assigned identity.136Section 3.19.77/11/19 7:39:31 PM by ceoche
ITI19ITI19-9reviewedTestable 1 0 The Secure Node or Secure Application shall not require any specific certificate attribute contents.134Section 3.19.6.1.34/30/19 4:50:25 PM by NicolasBailliet
ITI20ITI20-2reviewedTestable 1 0 The events Actor-start-stop, Audit-Log-Used, Begin-storing-instances, Health-service-event, Instances-deleted, Instances-Stored, Medication, Mobile-machine-event, Node-Authentication-failure, Order-record-event, Patient-care-assignment, Patient-care-episode, Patient-care-protocol, Patient-record-event, PHI-export, PHI-import, Procedure-record-event, Query Information, Security Alert, User Authentication, Study-Object-Event and Study-used shall be reportable by means of the IHE Audit Trail.140Section 3.20.4.1.1.17/11/19 6:59:46 PM by ceoche
ITI20ITI20-21reviewedTestable 1 0 For audit records generated by all IHE actors, the IHE IT Infrastructure technical framework prefers use of the DICOM schema defined in the DICOM Standard, Part 15 Annex A.5.147Section 3.20.7.17/11/19 7:00:09 PM by ceoche