ATNA | ATNA-10 | validated | Testable |
0
|
2
| | Audit Record Repository actor which claims support of the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction. | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-11 | validated | Testable |
0
|
2
| Are we going to duplicate the assertions for SN or SA, or just link these assertions to both actors. I think we should link to both. | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-13 | reviewed | Testable |
0
|
2
| This is a grouping requirement. ITI-1 is not required by the ATNA profile. > According to 2nd Review group, the TF is the reference. | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall perform the Maintain Time [ITI-1] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-15 | reviewed | Testable |
0
|
2
| | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maitain Time [ITI-1] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-16 | reviewed | Testable |
0
|
2
| see previous comment on ITI-19 | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-19 | to delete | Testable |
0
|
2
| I think this is redundant with assertion ATNA-12 | The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.20 | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-20 | reviewed | Testable |
0
|
2
| | The Audit Repository shall support both audit transport mechanisms
| 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-21 | reviewed | Testable |
0
|
2
| | The Audit Repository shall support any IHE-specified audit message format, when sent over one of those transport mechanisms. Note that new applications domains may have their own extended vocabularies in addition to the DICOM and IHE vocabularies. This also means that an ATNA Audit Repository is also automatically a Radiology Basic Security Profile Audit Repository because it must support the IHE Provisional Message format and it must support the BSD syslog protocol | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-23 | reviewed | Testable |
0
|
2
| | Secure Node actor may support the Radiology Audit Trail option | 82 | Table 9.5-1 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-24 | reviewed | Testable |
0
|
2
| | Secure Application actors may support the Radiology Audit Trail option | 82 | Table 9.5-1 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-25 | reviewed | Testable |
0
|
1
| | Actors in the IHE Radiology domain Profiles which claim support of the Audit Trail and Node Authentication (ATNA) integration profile are required to implement the Radiology Audit Trail option. | 83 | Section 9.5.2 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-3 | reviewed | Testable |
0
|
2
| | A Secure Node Actor shall be configurable to support both connection authentication and physically secured networks | 76 | Section 9.1.2 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-4 | reviewed | Testable |
0
|
4
| | The mechanism for logging audit record messages to the audit record repository shall be either Transmission of Syslog Messages over UDP (RFC5426) with The Syslog Protocol (RFC5424) which formalizes and obsoletes Syslog (RFC-3164), either 2) Transmission of Syslog Messages over TLS (RFC5425) with The Syslog Protocol (RFC5424) which formalizes sending syslog messages over a streaming protocol protectable by TLS. | 80 | Section 9.3 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-6 | validated | Testable |
0
|
4
| | A means must be provided to upload the required certificates to the implementation, e.g., via floppy disk or file transfer via network. | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-7 | reviewed | Testable |
0
|
2
| I don't know what this assertion means. | When an implementation chooses to support this Integration Profile for an actor, that actor shall be grouped with the Secure Node Actor. | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-8 | reviewed | Testable |
0
|
2
| | When an implementation chooses to support this Integration Profile for an actor, it is required that all IHE actors and any other activities in this implementation support the Audit Trail and Node Authentication Integration Profile. | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
ATNA | ATNA-9 | reviewed | Testable |
0
|
2
| | When an implementation chooses to support this Integration Profile for an actor, non-IHE applications that process PHI shall detect and report auditable events, and protect access. | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
ITI19 | ITI19-10 | reviewed | Testable |
0
|
0
| | The Secure Node or Secure Application shall not reject certificates that contain unknown attributes or other parameters. | 141 | Section 3.19.6.1.3 | 2/5/16 12:27:23 PM by aboufahj |
|
ITI19 | ITI19-11 | reviewed | Testable |
0
|
0
| | The certificates used for mutual authentication shall be X509 certificates based on RSA key with key length in the range of 1024-4096. | 141 | Section 3.19.6.1.3 | 2/5/16 12:27:23 PM by aboufahj |
|
ITI19 | ITI19-12 | reviewed | Testable |
0
|
0
| | The IHE Technical Framework recommends a maximum expiration time for certificates of 2 years. | 141 | Section 3.19.6.1.3 | 2/5/16 12:27:23 PM by aboufahj |
|