| ATNA | ATNA-1 | reviewed | Testable |
0
|
0
| I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit. | The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node. | 72 | Section 9.4 | 10/21/21 3:14:28 PM by NicolasBailliet |
|
| ATNA | ATNA-13 | reviewed | Testable |
0
|
0
| This is a grouping requirement. ITI-1 is not required by the ATNA profile. > According to 2nd Review group, the TF is the reference. | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall perform the Maintain Time [ITI-1] transaction | 72 | Table 9.3-1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-14 | reviewed | Testable |
0
|
0
| I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion. | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction | 69 | Table 9.1-1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-15 | reviewed | Testable |
0
|
0
| | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maitain Time [ITI-1] transaction | 72 | Table 9.3-1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-16 | reviewed | Testable |
0
|
0
| see previous comment on ITI-19 | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction | 69 | Table 9.1-1 | 7/2/20 3:26:10 PM by sryan |
|
| ATNA | ATNA-17 | reviewed | Testable |
0
|
0
| | The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information. | 69 | Table 9.1-1 | 7/2/20 3:26:13 PM by sryan |
|
| ATNA | ATNA-18 | reviewed | Testable |
0
|
0
| | The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users. | 69 | Section 9.1.1.1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-19 | reviewed | Testable |
0
|
0
| I think this is redundant with assertion ATNA-12 | The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.20 | 69 | Section 9.1.1.1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-2 | reviewed | Testable |
0
|
0
| probably not a testable assertion | Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated . | 69 | Section 9.1.1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-23 | reviewed | Testable |
0
|
0
| | Secure Node actor may support the Radiology Audit Trail option | 71 | Table 9.2-1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-24 | reviewed | Testable |
0
|
0
| | Secure Application actors may support the Radiology Audit Trail option | 71 | Table 9.2-1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-25 | reviewed | Testable |
0
|
0
| | Actors in the IHE Radiology domain Profiles which claim support of the Audit Trail and Node Authentication (ATNA) integration profile are required to implement the Radiology Audit Trail option. | 83 | Section 9.5.2 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-26 | reviewed | Testable |
0
|
0
| | Audit Record Forwarder actor which claims support of the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction. | 69 | Table 9.1-1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-27 | reviewed | Testable |
0
|
0
| | The Secure Node shall use the Authenticate Node transaction for all network connections to or from the node that may expose private information as specified in ITI TF-2a: 3.19 | 69 | Section 9.1.1.1 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-28 | reviewed | Testable |
0
|
0
| | The Secure Application shall use the Authenticate Node transaction for all network connections to or from the application that may expose private information as specified in ITI TF-2a: 3.19 | 70 | Section 9.1.1.2 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-29 | reviewed | Testable |
0
|
0
| | The Secure Application shall provide sufficient authentication methods to ensure that only authorized users access the Secure Application | 70 | Section 9.1.1.2 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-3 | reviewed | Testable |
0
|
0
| | A Secure Node Actor shall be configurable to support both connection authentication and physically secured networks | 72 | Section 9.4 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-30 | reviewed | Testable |
0
|
0
| | The Secure Application shall detect and report a Record Audit Event as specified in ITI TF-2a: 3.20 | 70 | Section 9.1.1.2 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-31 | reviewed | Testable |
0
|
0
| | The Audit Repository shall support all messages complying with the Syslog RFCs shall be accepted. The Audit Repository may ignore or process messages in non-IHE message formats. This may be for backwards compatibility or other reasons. | 70 | Section 9.1.1.3 | 5/21/19 5:24:31 PM by NicolasBailliet |
|
| ATNA | ATNA-32 | reviewed | Testable |
0
|
0
| | The Audit Record Forwarder shall be grouped with an Audit Record Repository | 71 | Section 9.1.1.4 | 5/21/19 5:24:31 PM by NicolasBailliet |
|