AssertionManagerGui

Id scheme	Assertion id	Status	Testable?	#Coverage	#Applies to	Comment	Predicate	Page	Tags	Last changed

ATNA	ATNA-1	reviewed	Testable	1	4	I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit.	The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.	76	Section 9.1.2	3/16/17 4:42:08 PM by aberge
ATNA	ATNA-12	validated	Testable	1	2		Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction	80	Table 9.4-4	10/20/22 2:34:14 PM by testAuto
ATNA	ATNA-14	reviewed	Testable	1	2	I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion.	Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction	80	Table 9.4-1	2/5/16 12:27:23 PM by aboufahj
ATNA	ATNA-17	validated	Testable	1	2		The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information.	80	Section 9.4	2/5/16 12:27:23 PM by aboufahj
ATNA	ATNA-18	validated	Testable	1	2		The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users.	80	Section 9.4	2/5/16 12:27:23 PM by aboufahj
ATNA	ATNA-2	validated	Testable	1	3	probably not a testable assertion	Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .	76	Section 9.1.2	2/5/16 12:27:23 PM by aboufahj
ITI19	ITI19-1	reviewed	Testable	2	0		When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform certificate validation based on signature by a trusted CA.	140	Section 3.19.6.1	2/5/16 12:27:23 PM by aboufahj
ITI19	ITI19-14	reviewed	Testable	1	0		For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall use the TLS protocol.	141	Section 3.19.6.2	2/5/16 12:27:23 PM by aboufahj
ITI19	ITI19-15	reviewed	Testable	1	0		For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall support TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite.	141	Section 3.19.6.2	2/5/16 12:27:23 PM by aboufahj
ITI19	ITI19-2	reviewed	Testable	1	0		When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform direct certificate validation to a set of trusted certificates.	140	Section 3.19.6.1	2/5/16 12:27:23 PM by aboufahj
ITI19	ITI19-3	reviewed	Testable	1	0		The Secure Node or Secure Application shall provide the means for configuring which CAs are trusted to authenticate node certificates for use in a chain of trust. These CAs shall be identified by means of the public signing certificate for the signing CA.	140	Section 3.19.6.1.1	2/5/16 12:27:23 PM by aboufahj
ITI19	ITI19-4	reviewed	Testable	1	0		The Secure Node or Secure Application shall accept communications for which there is a certificate that is signed by a CA that is listed as a trusted signing authority.	140	Section 3.19.6.1.1	2/5/16 12:27:23 PM by aboufahj
ITI19	ITI19-9	reviewed	Testable	1	0		The Secure Node or Secure Application shall not require any specific certificate attribute contents.	141	Section 3.19.6.1.3	2/5/16 12:27:23 PM by aboufahj

reviewed

Testable

I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit.

The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.

76

Section 9.1.2

3/16/17 4:42:08 PM by aberge

ATNA

ATNA-12

validated

Testable

1

2

Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction

80

Table 9.4-4

10/20/22 2:34:14 PM by testAuto

ATNA

ATNA-14

reviewed

Testable

1

2

I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion.

Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction

80

Table 9.4-1

2/5/16 12:27:23 PM by aboufahj

ATNA

ATNA-17

validated

Testable

1

2

The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information.

80

Section 9.4

2/5/16 12:27:23 PM by aboufahj

ATNA

ATNA-18

validated

Testable

1

2

The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users.

80

Section 9.4

2/5/16 12:27:23 PM by aboufahj

ATNA

ATNA-2

validated

Testable

1

3

probably not a testable assertion

Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .

76

Section 9.1.2

2/5/16 12:27:23 PM by aboufahj

ITI19

ITI19-1

reviewed

Testable

2

0

When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform certificate validation based on signature by a trusted CA.

140

Section 3.19.6.1

2/5/16 12:27:23 PM by aboufahj

ITI19

ITI19-14

reviewed

Testable

1

0

For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall use the TLS protocol.

141

Section 3.19.6.2

2/5/16 12:27:23 PM by aboufahj

ITI19

ITI19-15

reviewed

Testable

1

0

For all connections carrying Protected Information (PI) and when configured for use not on a physically secured network, implementations shall support TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite.

141

Section 3.19.6.2

2/5/16 12:27:23 PM by aboufahj

ITI19

ITI19-2

reviewed

Testable

1

0

When Authenticating the Remote Secure Node, the Local Secure Node shall be able to perform direct certificate validation to a set of trusted certificates.

140

Section 3.19.6.1

2/5/16 12:27:23 PM by aboufahj

ITI19

ITI19-3

reviewed

Testable

1

0

The Secure Node or Secure Application shall provide the means for configuring which CAs are trusted to authenticate node certificates for use in a chain of trust. These CAs shall be identified by means of the public signing certificate for the signing CA.

140

Section 3.19.6.1.1

2/5/16 12:27:23 PM by aboufahj

ITI19

ITI19-4

reviewed

Testable

1

0

The Secure Node or Secure Application shall accept communications for which there is a certificate that is signed by a CA that is listed as a trusted signing authority.

140

Section 3.19.6.1.1

2/5/16 12:27:23 PM by aboufahj

ITI19

ITI19-9

reviewed

Testable

1

0

The Secure Node or Secure Application shall not require any specific certificate attribute contents.

141

Section 3.19.6.1.3

2/5/16 12:27:23 PM by aboufahj

Search Criteria : 13 assertions found for this search Review filtered assertions

Assertion

Applies to

Coverage