1、BRITISH STANDARDBS ISO 17090-3:2008Health informatics Public key infrastructure Part 3: Policy management of certification authorityICS 35.240.80g49g50g3g38g50g51g60g44g49g42g3g58g44g55g43g50g56g55g3g37g54g44g3g51g40g53g48g44g54g54g44g50g49g3g40g59g38g40g51g55g3g36g54g3g51g40g53g48g44g55g55g40g39g3g
2、37g60g3g38g50g51g60g53g44g42g43g55g3g47g36g58BS ISO 17090-3:2008This British Standard was published under the authority of the Standards Policy and Strategy Committee BSI 2008ISBN 978 0 580 55746 0National forewordThis British Standard is the UK implementation of ISO 17090-3:2008. It supersedes DD I
3、SO/TS 17090-3:2002 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/35, Health informatics.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necess
4、ary provisions of a contract. Users are responsible for its correct application.Compliance with a British Standard cannot confer immunity from legal obligations.Amendments/corrigenda issued since publicationDate Commentson 30 May 2008Reference numberISO 17090-3:2008(E)INTERNATIONAL STANDARD ISO17090
5、-3First edition2008-02-15Health informatics Public key infrastructure Part 3: Policy management of certification authority Informatique de sant Infrastructure de cl publique Partie 3: Gestion politique dautorit de certification BS ISO 17090-3:2008ii iiiContents Page Foreword iv Introduction v 1 Scop
6、e . 1 2 Normative references . 1 3 Terms and definitions. 1 4 Abbreviations 2 5 Requirements for digital certificate policy management in a healthcare context . 2 5.1 General. 2 5.2 Need for a high level of assurance . 2 5.3 Need for a high level of infrastructure availability 3 5.4 Need for a high
7、level of trust . 3 5.5 Need for Internet compatibility 3 5.6 Need to facilitate evaluation and comparison of CPs. 3 6 Structure of healthcare CPs and healthcare CPSs . 3 6.1 General requirements for CPs. 3 6.2 General requirements for CPSs 4 6.3 Relationship between a CP and a CPS. 5 6.4 Applicabili
8、ty. 5 7 Minimum requirements for a healthcare CP 5 7.1 General requirements. 5 7.2 Publication and repository responsibilities. 5 7.3 Identification and authentication 6 7.4 Certificate life-cycle operational requirements . 10 7.5 Physical controls 19 7.6 Technical security controls . 20 7.7 Certifi
9、cate, CRL and OCSP profiles 25 7.8 Compliance audit 25 7.9 Other business and legal matters . 27 8 Model PKI disclosure statement . 33 8.1 Introduction . 33 8.2 Structure of PKI disclosure statement . 33 Bibliography . 35 BS ISO 17090-3:2008iv Foreword ISO (the International Organization for Standar
10、dization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to
11、 be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Stan
12、dards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an Int
13、ernational Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 17090
14、-3 was prepared by Technical Committee ISO/TC 215, Health informatics. This first edition cancels and replaces the Technical Specification (ISO/TS 17090-3:2002), which has been revised and brought to the status of International Standard. ISO 17090 consists of the following parts, under the general t
15、itle Health informatics Public key infrastructure: Part 1: Overview of digital certificate services Part 2: Certificate profile Part 3: Policy management of certification authority BS ISO 17090-3:2008vIntroduction The healthcare industry is faced with the challenge of reducing costs by moving from p
16、aper-based processes to automated electronic processes. New models of healthcare delivery are emphasizing the need for patient information to be shared among a growing number of specialist healthcare providers and across traditional organizational boundaries. Healthcare information concerning indivi
17、dual citizens is commonly interchanged by means of electronic mail, remote database access, electronic data interchange and other applications. The Internet provides a highly cost-effective and accessible means of interchanging information, but it is also an insecure vehicle that demands additional
18、measures be taken to maintain the privacy and confidentiality of information. Threats to the security of health information through unauthorized access (either inadvertent or deliberate) are increasing. It is essential to have available to the healthcare system reliable information security services
19、 that minimize the risk of unauthorized access. How does the healthcare industry provide appropriate protection for the data conveyed across the Internet in a practical, cost-effective way? Public key infrastructure (PKI) and digital certificate technology seek to address this challenge. The proper
20、deployment of digital certificates requires a blend of technology, policy and administrative processes that enable the exchange of sensitive data in an unsecured environment by the use of “public key cryptography” to protect information in transit and “certificates” to confirm the identity of a pers
21、on or entity. In healthcare environments, this technology uses authentication, encipherment and digital signatures to facilitate confidential access to, and movement of, individual health records to meet both clinical and administrative needs. The services offered by the deployment of digital certif
22、icates (including encipherment, information integrity and digital signatures) are able to address many of these security issues. This is especially the case if digital certificates are used in conjunction with an accredited information security standard. Many individual organizations around the worl
23、d have started to use digital certificates for this purpose. Interoperability of digital certificate technology and supporting policies, procedures and practices is of fundamental importance if information is to be exchanged between organizations and between jurisdictions in support of healthcare ap
24、plications (for example between a hospital and a community physician working with the same patient). Achieving interoperability between different digital certificate implementations requires the establishment of a framework of trust, under which parties responsible for protecting an individuals info
25、rmation rights may rely on the policies and practices and, by extension, the validity of digital certificates issued by other established authorities. Many countries are deploying digital certificates to support secure communications within their national boundaries. Inconsistencies will arise in po
26、licies and procedures between the certification authorities (CAs) and the registration authorities (RAs) of different countries if standards development activity is restricted to within national boundaries. Digital certificate technology is still evolving in certain aspects that are not specific to
27、healthcare. Important standardization efforts and, in some cases, supporting legislation are ongoing. On the other hand, healthcare providers in many countries are already using or planning to use digital certificates. ISO 17090 seeks to address the need for guidance of these rapid international dev
28、elopments. ISO 17090 describes the common technical, operational and policy requirements that need to be addressed to enable digital certificates to be used in protecting the exchange of healthcare information within a single domain, between domains and across jurisdictional boundaries. Its purpose
29、is to create a platform for global interoperability. It specifically supports digital certificate-enabled communication across borders, but could also provide guidance for the national or regional deployment of digital certificates in healthcare. The Internet BS ISO 17090-3:2008vi is increasingly us
30、ed as the vehicle of choice to support the movement of healthcare data between healthcare organizations and is the only realistic choice for cross-border communication in this sector. ISO 17090 should be approached as a whole, with the three parts all making a contribution to defining how digital ce
31、rtificates can be used to provide security services in the health industry, including authentication, confidentiality, data integrity and the technical capacity to support the quality of digital signature. ISO 17090-1 defines the basic concepts underlying the use of digital certificates in healthcar
32、e and provides a scheme of interoperability requirements to establish digital certificate-enabled secure communication of health information. ISO 17090-2 provides healthcare-specific profiles of digital certificates based on the international standard X.509 and the profile of this, specified in IETF
33、/RFC 3280 for different types of certificates. This part of ISO 17909 deals with management issues involved in implementing and using digital certificates in healthcare. It defines a structure and minimum requirements for certificate policies (CPs) and a structure for associated certification practi
34、ce statements. This part of ISO 17090 is based on the recommendations of the informational IETF/RFC 3647, and identifies the principles needed in a healthcare security policy for cross border communication. It also defines the minimum levels of security required, concentrating on the aspects unique
35、to healthcare. Comments on the content of this document, as well as comments, suggestions and information on the application of these standards, may be forwarded to the ISO/TC 215 secretariat at adickersonhimss.org or WG4 convenor, Ross Fraser, and WG4 secretariat at w4consecmedis.or.jp. BS ISO 1709
36、0-3:20081Health informatics Public key infrastructure Part 3: Policy management of certification authority 1 Scope This part of ISO 17090 gives guidelines for certificate management issues involved in deploying digital certificates in healthcare. It specifies a structure and minimum requirements for
37、 certificate policies, as well as a structure for associated certification practice statements. This part of ISO 17090 also identifies the principles needed in a healthcare security policy for cross-border communication and defines the minimum levels of security required, concentrating on aspects un
38、ique to healthcare. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 17
39、090-1:2008, Health informatics Public key infrastructure Part 1: Overview of digital certificate services ISO 17090-2:2008, Health informatics Public key infrastructure Part 2: Certificate profile ISO/IEC 27002, Information technology Security techniques Code of practice for information security man
40、agement IETF/RFC 3647, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework IETF/RFC 4211, Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) 3 Terms and definitions For the purposes of this document, the terms and definiti
41、ons given in ISO 17090-1 apply. BS ISO 17090-3:20082 4 Abbreviations AA attribute authority CA certification authority CP certificate policy CPS certification practice statement CRL certificate revocation list OID object identifier PKC public key certificate PKI public key infrastructure RA registra
42、tion authority TTP trusted third party 5 Requirements for digital certificate policy management in a healthcare context 5.1 General Deployment of digital certificates in healthcare shall meet the following objectives in order to be effective in securing the communication of personal health informati
43、on: the reliable and secure binding of unique and distinguished names to individuals, organizations, applications and devices that participate in the electronic exchange of personal health information; the reliable and secure binding of professional roles in healthcare to individuals, organizations
44、and applications that participate in the electronic exchange of personal health information, insofar as those roles may be used as the basis of role-based access control to such health information; (optionally) the reliable and secure binding of attributes to individuals, organizations, applications
45、 and devices that participate in the electronic exchange of personal health information, insofar as those attributes may further the secure communication of health information. The above objectives shall be accomplished in a manner that maintains the trust of all who rely upon the integrity and conf
46、identiality of personal health information that is securely communicated by use of digital certificates. To do this, each CA issuing digital certificates for use in healthcare shall operate according to an explicit set of publicly stated policies that promote the above objectives. 5.2 Need for a hig
47、h level of assurance Security services required for health applications are specified in Clause 6 of ISO 17090-1:2008. For each of these security services (authentication, integrity, confidentiality, digital signature, authorization, access control), a high level of assurance is required. BS ISO 170
48、90-3:200835.3 Need for a high level of infrastructure availability Emergency healthcare is a round-the-clock endeavour and the ability to obtain certificates, revoke certificates and check revocation status is in no way bound by the normal working hours of most businesses. Unlike e-commerce, healthc
49、are imposes high availability requirements on any deployment of digital certificates that will be relied upon to secure the communication of personal health information. 5.4 Need for a high level of trust Unlike electronic commerce (where a vendor and a customer are often the only parties to an electronic transaction and are reliant upon its security and integrity), healthcare applications that store or transmit personal health information may implicitly require the trust of the patients whose information is being exchanged, as well as that of
