46 assertions found for this search

| Id scheme | Assertion id | Status | Testable? | #Coverage | #Applies to | Comment | Predicate | Page | Tags | Last changed |
|---|---|---|---|---|---|---|---|---|---|---|
| SandP | SandP-001 | to be reviewed | Testable | 1 | 0 | | The Irish eHealth Infrastructure Time Server Actor SHALL implement the IHE CT Time Server Actor. | 9 | Section 3.1.1 | 7/8/20 10:56:50 AM by sryan |
| SandP | SandP-002 | to be reviewed | Testable | 1 | 0 | | The Core Interoperability Specification defined Actor SHALL implement the IHE CT Time Client technical actor | 9 | Section 3.1.2 | 6/29/20 10:51:27 AM by sryan |
| SandP | SandP-003 | to be reviewed | Testable | 0 | 0 | | The Machines/Hosts connected to the Irish eHealth Infrastructure shall be Identified and Authenticated. As a result, each one shall be assigned by the Irish eHealth Infrastructure a specific digital certificate that shall be securely loaded into the secured certificate store of that Machine/Host and used for TLS mutual authentication. The Irish eHealth Infrastructure will also provide them a public key for the Identification and Authentication of an Irish eHealth Infrastructure Secure Node to connect to. | 9 | Section 3.2.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-004 | to be reviewed | Testable | 0 | 0 | | An Irish eHealth Infrastructure Trust Model SHALL be supported by every Secure Node Actor | 9 | Section 3.2.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-005 | to be reviewed | Testable | 0 | 0 | | Secured Node Actors SHALL perform certificate validation including expiration and revocation supporting either CRL (with http transport) and/or OCSP as identified in the certificate content. Revocation checking SHOULD NOT be performed for every transaction but SHALL be performed at least every 6 hours | 10 | Section 3.2.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-006 | to be reviewed | Testable | 0 | 0 | | The Machines/Hosts connected to Irish eHealth Infrastructure SHALL use encryption for the exchange of information to and from the Irish eHealth Infrastructure. | 10 | Section 3.2.2 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-007 | to be reviewed | Testable | 0 | 0 | | The CA Trust Model approach SHALL be used: Node Certificates SHALL be issued under the Irish Health Information Exchange Policy to nodes under the authority of a designated National Center for Digital Certificates) that creates a dedicated branch (Root CA for eHealth). | 9 | Section 3.2.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-008 | to be reviewed | Testable | 0 | 0 | | The TLS encryption on these Machines/Hosts SHALL support the following cipher algorithms: TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA. | 10 | Section 3.2.2 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-010 | to be reviewed | Testable | 0 | 0 | | An Audit Trail SHALL be recorded according to the Audit Events defined for the transactions supported by those systems and the IHE ATNA Profile | 11 | Section 3.3.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-011 | to be reviewed | Testable | 0 | 0 | | Audit Events SHALL be sent using the Syslog TCP Transport over TLS (RFC 5425, See ATNA Profile section 3.20.4.1.2.1.1 Transmission of Syslog Messages over TLS). | 11 | Section 3.3.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-012 | to be reviewed | Testable | 0 | 0 | | HIE Nodes connected to the Irish eHealth Infrastructure Systems SHALL ensure the recording of the security relevant audit events (See IHE ITI TF-2a Section 3.20.6 Trigger Events and Message semantics and other specific profile or standards defined audit events) in a persistent store. The data elements recorded for these audit events SHALL comply only with the data elements definitions from the IHE ATNA Profile and more specifically IHE ITI TF-2a Section 3.20.7 Audit Message Formats (they MAY NOT support the IHE ATNA specific encoding and transport). | 11 | Section 3.3.2 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-013 | to be reviewed | Testable | 0 | 0 | | This persistent store SHALL support security and privacy inquiries (see Irish Health Information Exchange Policies) such as: list all users that accessed or modified a specified subject of care information over a period of time; list of all subjects of care that were accessed by a given user or system over a period of time; list of all breakglass events; list all access events where the user is not listed as a provider in any patient record; list events that request information that is marked as sensitive | 11 | Section 3.3.2 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-021 | to be reviewed | Testable | 0 | 0 | | Subject Role. The value SHALL be one of the values of Individual Provider Specialty Value Set (OID= 1.2.372.980010.3.4) specified in the General Terminology Interoperability Specification. | 12 | Section 3.4.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-022 | to be reviewed | Testable | 0 | 0 | | Purpose of Use (including breakglass). The value SHALL be one of the values of the Purpose of Use Value Set. The value set (OID=1.2.372.980010.3.5) is specified in the General Terminology Interoperability Specification. | 12 | Section 3.4.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-023 | to be reviewed | Testable | 0 | 0 | | Subject Id is the local login username | 12 | Section 3.4.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-024 | to be reviewed | Testable | 0 | 0 | | Subject Organization Identifier | 12 | Section 3.4.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-025 | to be reviewed | Testable | 0 | 0 | | National Provider Identifier | 12 | Section 3.4.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-026 | to be reviewed | Testable | 0 | 0 | | A local text field containing the reason for the breakglass SHALL be captured and recorded in the local audit trail. | 12 | Section 3.4.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-027 | to be reviewed | Testable | 0 | 0 | | Nodes that need to be grouped with an X-Service User SHALL fulfill requirements of the IHE XUA X-Service User actor and transaction ITI-40 requirements | 12 | Section 3.4.1 | 12/18/20 3:42:27 PM by mtoudic |
| SandP | SandP-030 | to be reviewed | Testable | 0 | 0 | | To enable the receiver to make access decisions and proper audit entries the following attributes shall be supported (See access control matrices in Appendix B Access Control Decision Matrices). | 12 | Section 3.4.2 | 12/18/20 3:42:27 PM by mtoudic |