Integration Profile: Audit Trail and Node Authentication

Id: 48

Keyword: ATNA

Name: Audit Trail and Node Authentication

Description: The ITI Audit Trail and Node Authentication (ATNA) Profile establishes the characteristics of a Basic Secure Node: It describes the security environment (user identification, authentication, authorization, access control, etc.) assumed for the node so that security reviewers may decide whether this matches their environments. It defines basic security requirements for the communications of the node using TLS or equivalent functionality. It defines basic auditing requirements for the node. The profile also establishes the characteristics of the communication of audit messages between the Basic Secure Nodes and Audit Repository nodes that collect audit information.

Status: Final Text

Document Section:

IHE ITI TF Vol1 #9 Audit Trail and Node Authenti

Id	Keyword	Name	Description
1	ARR	Audit Record Repository	A system unit that receives and collects audit records from multiple systems.
10	SN	Secure Node	A system unit that validates the identity of any user and of any other node, and determines whether or not access to the system for this user and information exchange with the other node is allowed. Maintains the correct time.
86	SA	Secure Application	The difference between the Secure Node and the Secure Application is the extent to which the underlying operating system and other environment are secured. A Secure Node includes all aspects of user authentication, file system protections, and operating environment security. The Secure Application is a product that does not include the operating environment. The Secure Application provides security features only for the application features. See section 9.7 for the relationships among a Secure Node, Secure Application, and other actors.
1315	AUDIT_RECORD_FORWARDER	Audit Record Forwarder	This actor filters audit records that have been received and forwards selected audit records to an Audit Record Repository. Added to the ATNA profile in Sept 2015 in CP-ITI-872
1323	AC	Audit Consumer	Search for syslog and ATNA audit messages based upon queries using Syslog metadata and ATNA audit message content. Subsequent processing is not defined.

Id	Actor	Transaction	Optionality
15	SN - Secure Node	ITI-1 - Maintain Time	Required
16	SN - Secure Node	ITI-19 - Authenticate Node	Required
17	ARR - Audit Record Repository	ITI-20 - Record Audit Event	Required
756	SA - Secure Application	ITI-1 - Maintain Time	Optional
757	SA - Secure Application	ITI-19 - Authenticate Node	Optional
758	SA - Secure Application	ITI-20 - Record Audit Event	Optional
759	SN - Secure Node	ITI-20 - Record Audit Event	Required
2375	SN - Secure Node	NULL - NULL	Optional
2376	SA - Secure Application	NULL - NULL	Optional
2429	ARR - Audit Record Repository	ITI-81 - Retrieve ATNA Audit Event	Optional
2430	ARR - Audit Record Repository	ITI-82 - Retrieve Syslog Event	Optional
2431	AUDIT_RECORD_FORWARDER - Audit Record Forwarder	ITI-20 - Record Audit Event	Required
2460	AC - Audit Consumer	ITI-81 - Retrieve ATNA Audit Event	Optional
2461	AC - Audit Consumer	ITI-82 - Retrieve Syslog Event	Optional

Id	Actor	Integration Profile Option	Assertions
182	SN - Secure Node	RAD_AUDIT_TRAIL_OPTION - Radiology Audit Trail	0
249	SN - Secure Node	DEPRECATED: ATNA_ENCRYPTION - DEPRECATED ATNA Encryption	0
250	SA - Secure Application	DEPRECATED: ATNA_ENCRYPTION - DEPRECATED ATNA Encryption	0
655	SN - Secure Node	NONE - None	12
656	ARR - Audit Record Repository	NONE - None	10
868	SA - Secure Application	NONE - None	8
1776	SA - Secure Application	RAD_AUDIT_TRAIL_OPTION - Radiology Audit Trail	0
2347	AUDIT_RECORD_FORWARDER - Audit Record Forwarder	NONE - None	0
2357	ARR - Audit Record Repository	RETRIEVE_AUDIT_MSG - Retrieve Audit Message	0
2358	AC - Audit Consumer	RETRIEVE_AUDIT_MSG - Retrieve Audit Message	0
2420	SA - Secure Application	BCP195_TLS_1.2_FLOOR - BCP195 TLS Secure Transport Connection - TLS 1.2 Floor	0
2421	SA - Secure Application	BCP195_TLS_ALL_VERSIONS - BCP195 TLS Secure Transport Connection - All TLS Versions	0
2422	SN - Secure Node	BCP195_TLS_1.2_FLOOR - BCP195 TLS Secure Transport Connection - TLS 1.2 Floor	0
2423	SN - Secure Node	BCP195_TLS_ALL_VERSIONS - BCP195 TLS Secure Transport Connection - All TLS Versions	0
2424	SA - Secure Application	FQDN_VALIDATION_OF_SERVER_CERT - FQDN Validation of Server Certificate	0
2425	SN - Secure Node	FQDN_VALIDATION_OF_SERVER_CERT - FQDN Validation of Server Certificate	0
2562	ARR - Audit Record Repository	ATX_FHIR_FEED - ATX_FHIR_FEED	0
2563	AUDIT_RECORD_FORWARDER - Audit Record Forwarder	ATX_FHIR_FEED - ATX_FHIR_FEED	0
2564	SA - Secure Application	ATX_FHIR_FEED - ATX_FHIR_FEED	0
2565	SN - Secure Node	ATX_FHIR_FEED - ATX_FHIR_FEED	0

Assertion Id	Description
ATNA-1	The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.dedede
ATNA-10	Audit Record Repository actor which claims support of the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction.
ATNA-11	Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction
ATNA-12	Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction
ATNA-13	Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall perform the Maintain Time [ITI-1] transaction
ATNA-14	Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction
ATNA-15	Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maitain Time [ITI-1] transaction
ATNA-16	Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction
ATNA-17	The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information.
ATNA-18	The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users.
ATNA-19	The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.20
ATNA-2	Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .
ATNA-20	The Audit Repository shall support both audit transport mechanisms
ATNA-21	The Audit Repository shall support any IHE-specified audit message format, when sent over one of those transport mechanisms. Note that new applications domains may have their own extended vocabularies in addition to the DICOM and IHE vocabularies. This also means that an ATNA Audit Repository is also automatically a Radiology Basic Security Profile Audit Repository because it must support the IHE Provisional Message format and it must support the BSD syslog protocol
ATNA-22	The Audit Repository shall support self protections and user access controls
ATNA-23	Secure Node actor may support the Radiology Audit Trail option
ATNA-24	Secure Application actors may support the Radiology Audit Trail option
ATNA-25	Actors in the IHE Radiology domain Profiles which claim support of the Audit Trail and Node Authentication (ATNA) integration profile are required to implement the Radiology Audit Trail option.
ATNA-28	The Secure Application shall use the Authenticate Node transaction for all network connections to or from the application that may expose private information as specified in ITI TF-2a: 3.19
ATNA-29	The Secure Application shall provide sufficient authentication methods to ensure that only authorized users access the Secure Application

Id	Keyword	Name	Description
2	ITI	IT-Infrastructure	The IT Infrastructure Domain supplies infrastructure for sharing healthcare information. An infrastructure interoperability component represents a common IT function that is used as a building block for a variety of use cases... a necessary ingredient, but rarely visible to the end user!! These components may be embedded in an application, but are often deployed as a shared resource within a RHIO or Health Information Exchange.

Assertion Id	Description

Conformance checker
EVS Client

Peer-to-peer testing
Gazelle Proxy

Integration Profile: Audit Trail and Node Authentication

Integration Profile Information

Domains

Tool index

Conformance checker

Simulators

Peer-to-peer testing


	EPR Projectathon 2022 - Montreux (Projectathon Europe 2022)Closed	EPR Projectathon 2022 - Montreux IHE EPR Projectathon 2022 - Montreux (Projectathon Europe 2022) The registration deadline is 7/1/22 6:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/12/22 12:00:00 PM to 9/16/22 12:00:00 PM
	EPR Projectathon 2023 - Bern (Projectathon Europe 2023)Closed	EPR Projectathon 2023 - Bern IHE EPR Projectathon 2023 - Bern (Projectathon Europe 2023) The registration deadline is 7/18/23 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/11/23 8:00:00 AM to 9/15/23 12:00:00 PM
	EPR Projectathon 2024 - Bern (Projectathon Europe 2024)Ongoing registrationDefault Session	EPR Projectathon 2024 - Bern IHE EPR Projectathon 2024 - Bern (Projectathon Europe 2024) The registration deadline is 7/31/24 1:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/16/24 1:00:00 PM to 9/20/24 1:00:00 PM
	EPR Projectathon 2020 - Bern (Projectathon Europe 2020)Closed	EPR Projectathon 2020 - Bern IHE EPR Projectathon 2020 - Bern (Projectathon Europe 2020) The registration deadline is 7/17/20 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/21/20 12:00:00 AM to 9/25/20 12:00:00 PM
	eMedication Projectathon 2021 - Online (Projectathon Europe 2021)Closed	eMedication Projectathon 2021 - Online IHE eMedication Projectathon 2021 - Online (Projectathon Europe 2021) The registration deadline is 2/11/21 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 3/10/21 12:00:00 PM to 3/12/21 12:00:00 PM
	EPR Projectathon 2021 - Bern (Projectathon Europe 2021)Closed	EPR Projectathon 2021 - Bern IHE EPR Projectathon 2021 - Bern (Projectathon Europe 2021) The registration deadline is 8/31/21 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/20/21 12:00:00 PM to 9/24/21 12:00:00 PM
	EPR Projectathon 2019 - Bern (Projectathon Europe 2019)Closed	EPR Projectathon 2019 - Bern IHE EPR Projectathon 2019 - Bern (Projectathon Europe 2019) The registration deadline is 8/23/19 11:59:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/23/19 9:00:00 AM to 9/27/19 12:00:00 PM
	EPR Projectathon 2019 - Rennes (Projectathon Europe 2019)Closed	EPR Projectathon 2019 - Rennes IHE EPR Projectathon 2019 - Rennes (Projectathon Europe 2019) The registration deadline is 2/28/19 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 4/8/19 12:00:00 PM to 4/12/19 12:00:00 PM
	EPR Projectathon 2019 - Wave 2 Online testing (Projectathon Europe 2019)Closed	EPR Projectathon 2019 - Wave 2 Online testing IHE EPR Projectathon 2019 - Wave 2 Online testing (Projectathon Europe 2019) The registration deadline is 1/26/19 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 2/4/19 12:00:00 PM to 2/22/19 12:00:00 PM
	EPR Projectathon 2019 - Open Online Testing (Projectathon Europe 2019)Closed	EPR Projectathon 2019 - Open Online Testing IHE EPR Projectathon 2019 - Open Online Testing (Projectathon Europe 2019) The registration deadline is 4/5/19 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 1/7/19 12:00:00 PM to 4/5/19 12:00:00 PM
	EPR Projectathon 2018 - Bern (Projectathon Europe 2018)Closed	EPR Projectathon 2018 - Bern IHE EPR Projectathon 2018 - Bern (Projectathon Europe 2018) The registration deadline is 7/31/18 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/17/18 9:00:00 AM to 9/21/18 12:00:00 PM
	EPR Projectathon 2018 - Den Haag (Projectathon Europe 2018)Closed	EPR Projectathon 2018 - Den Haag IHE EPR Projectathon 2018 - Den Haag (Projectathon Europe 2018) The registration deadline is 2/9/18 11:59:00 PM . You will not be able to add or alter systems after that date. This event will held from 4/16/18 8:00:00 AM to 1/19/18 11:59:00 AM
	EPR Projectathon 2017 (Projectathon Europe 2017)Closed	EPR Projectathon 2017 IHE EPR Projectathon 2017 (Projectathon Europe 2017) The registration deadline is 6/30/17 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/25/17 8:00:00 AM to 9/28/17 6:00:00 PM
	Demo testing (Demo Europe 2017)	Demo testing IHE Demo testing (Demo Europe 2017) The registration deadline is 1/19/24 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 3/25/24 12:00:00 PM to 1/29/24 11:40:00 AM
	Test Session Template DO NOT EDIT (Template Europe 2019)Closed	Test Session Template DO NOT EDIT IHE Test Session Template DO NOT EDIT (Template Europe 2019) The registration deadline is 9/11/19 12:00:00 PM . You will not be able to add or alter systems after that date. This event will held from 9/3/19 12:00:00 PM to 9/4/19 12:00:00 PM