{"id":372741,"date":"2024-10-20T02:30:43","date_gmt":"2024-10-20T02:30:43","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-iso-17090-32021\/"},"modified":"2024-10-26T04:23:10","modified_gmt":"2024-10-26T04:23:10","slug":"bs-iso-17090-32021","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-iso-17090-32021\/","title":{"rendered":"BS ISO 17090-3:2021"},"content":{"rendered":"<p>This document gives guidelines for certificate management issues involved in deploying digital certificates in healthcare. It specifies a structure and minimum requirements for certificate policies, as well as a structure for associated certification practice statements.<\/p>\n<p>This document also identifies the principles needed in a healthcare security policy for cross-border communication and defines the minimum levels of security required, concentrating on aspects unique to healthcare.<\/p>\n<h4>PDF Catalog<\/h4>\n<table border=\"1px\" class=\"des-table\">\n<tr>\n<th>PDF Pages<\/th>\n<th>PDF Title<\/th>\n<\/tr>\n<tr>\n<td><b>2<b><\/td>\n<td>National foreword  <\/td>\n<\/tr>\n<tr>\n<td><b>7<b><\/td>\n<td>Foreword  <\/td>\n<\/tr>\n<tr>\n<td><b>8<b><\/td>\n<td>Introduction  <\/td>\n<\/tr>\n<tr>\n<td><b>11<b><\/td>\n<td>1 Scope <br \/> 2 Normative references <br \/> 3 Terms and definitions <br \/> 4 Abbreviations  <\/td>\n<\/tr>\n<tr>\n<td><b>12<b><\/td>\n<td>5 Requirements for digital certificate policy management in a healthcare context <br \/> 5.1 General <br \/> 5.2 Need for a high level of assurance <br \/> 5.3 Need for a high level of infrastructure availability <br \/> 5.4 Need for a high level of trust  <\/td>\n<\/tr>\n<tr>\n<td><b>13<b><\/td>\n<td>5.5 Need for Internet compatibility <br \/> 5.6 Need to facilitate evaluation and comparison of CPs <br \/> 6 Structure of healthcare CPs and healthcare CPSs <br \/> 6.1 General requirements for CPs  <\/td>\n<\/tr>\n<tr>\n<td><b>14<b><\/td>\n<td>6.2 General requirements for CPSs <br \/> 6.3 Relationship between a CP and a CPS <br \/> 6.4 Applicability  <\/td>\n<\/tr>\n<tr>\n<td><b>15<b><\/td>\n<td>7 Minimum requirements for a healthcare CP <br \/> 7.1 General requirements <br \/> 7.2 Publication and repository responsibilities <br \/> 7.2.1 Repositories <br \/> 7.2.2 Publication of certification information <br \/> 7.2.3 Frequency of publication <br \/> 7.2.4 Access controls on repositories  <\/td>\n<\/tr>\n<tr>\n<td><b>16<b><\/td>\n<td>7.3 Identification and authentication <br \/> 7.3.1 Initial registration  <\/td>\n<\/tr>\n<tr>\n<td><b>17<b><\/td>\n<td>7.3.2 Initial identity validation  <\/td>\n<\/tr>\n<tr>\n<td><b>18<b><\/td>\n<td>7.3.3 Identification and authentication for re-keying requests <br \/> 7.3.4 Identification and authentication for revocation request  <\/td>\n<\/tr>\n<tr>\n<td><b>19<b><\/td>\n<td>7.4 Certificate life-cycle operational requirements <br \/> 7.4.1 Certificate application  <\/td>\n<\/tr>\n<tr>\n<td><b>20<b><\/td>\n<td>7.4.2 Certificate application processing <br \/> 7.4.3 Certificate issuance  <\/td>\n<\/tr>\n<tr>\n<td><b>21<b><\/td>\n<td>7.4.4 Certificate acceptance <br \/> 7.4.5 Key pair and certificate usage  <\/td>\n<\/tr>\n<tr>\n<td><b>22<b><\/td>\n<td>7.4.6 Certificate renewal  <\/td>\n<\/tr>\n<tr>\n<td><b>23<b><\/td>\n<td>7.4.7 Certificate re-key <br \/> 7.4.8 Certificate modification  <\/td>\n<\/tr>\n<tr>\n<td><b>24<b><\/td>\n<td>7.4.9 Certificate revocation and suspension  <\/td>\n<\/tr>\n<tr>\n<td><b>27<b><\/td>\n<td>7.4.10 Certificate status services  <\/td>\n<\/tr>\n<tr>\n<td><b>28<b><\/td>\n<td>7.4.11 End of subscription <br \/> 7.4.12 Private key escrow <br \/> 7.5 Physical controls <br \/> 7.5.1 General <br \/> 7.5.2 Physical controls <br \/> 7.5.3 Procedural controls <br \/> 7.5.4 Personnel controls <br \/> 7.5.5 Security audit logging procedures <br \/> 7.5.6 Record archive  <\/td>\n<\/tr>\n<tr>\n<td><b>29<b><\/td>\n<td>7.5.7 Key changeover <br \/> 7.5.8 Compromise and disaster recovery <br \/> 7.5.9 CA termination <br \/> 7.6 Technical security controls <br \/> 7.6.1 Key pair generation and installation  <\/td>\n<\/tr>\n<tr>\n<td><b>31<b><\/td>\n<td>7.6.2 Private key protection  <\/td>\n<\/tr>\n<tr>\n<td><b>32<b><\/td>\n<td>7.6.3 Other aspects of key management  <\/td>\n<\/tr>\n<tr>\n<td><b>33<b><\/td>\n<td>7.6.4 Activation data <br \/> 7.6.5 Computer security controls <br \/> 7.6.6 Life-cycle technical controls <br \/> 7.6.7 Network security controls  <\/td>\n<\/tr>\n<tr>\n<td><b>34<b><\/td>\n<td>7.6.8 Time stamping <br \/> 7.7 Certificate, CRL and OCSP profiles <br \/> 7.8 Compliance audit <br \/> 7.8.1 General <br \/> 7.8.2 Frequency of CA compliance audit <br \/> 7.8.3 Identity\/qualifications of auditor <br \/> 7.8.4 Auditor&#8217;s relationship to audited party <br \/> 7.8.5 Topics covered by audit  <\/td>\n<\/tr>\n<tr>\n<td><b>35<b><\/td>\n<td>7.8.6 Actions taken as a result of deficiency  <\/td>\n<\/tr>\n<tr>\n<td><b>36<b><\/td>\n<td>7.8.7 Communication of audit results <br \/> 7.9 Other business and legal matters <br \/> 7.9.1 Fees <br \/> 7.9.2 Financial responsibility <br \/> 7.9.3 Confidentiality of business information <br \/> 7.9.4 Privacy of personal information  <\/td>\n<\/tr>\n<tr>\n<td><b>37<b><\/td>\n<td>7.9.5 Intellectual property rights <br \/> 7.9.6 Representations and warranties  <\/td>\n<\/tr>\n<tr>\n<td><b>39<b><\/td>\n<td>7.9.7 Disclaimers of warranties <br \/> 7.9.8 Limitations of liability  <\/td>\n<\/tr>\n<tr>\n<td><b>40<b><\/td>\n<td>7.9.9 Indemnities <br \/> 7.9.10 Term and termination <br \/> 7.9.11 Individual notices and communication with participants <br \/> 7.9.12 Amendments <br \/> 7.9.13 Dispute resolution procedures  <\/td>\n<\/tr>\n<tr>\n<td><b>41<b><\/td>\n<td>7.9.14 Governing law <br \/> 7.9.15 Compliance with applicable law <br \/> 7.9.16 Miscellaneous provisions <br \/> 8 Model PKI disclosure statement <br \/> 8.1 Introduction  <\/td>\n<\/tr>\n<tr>\n<td><b>42<b><\/td>\n<td>8.2 Structure of PKI disclosure statement  <\/td>\n<\/tr>\n<tr>\n<td><b>43<b><\/td>\n<td>Bibliography  <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p><b>Health informatics. Public key infrastructure &#8211; Policy management of certification authority<\/b><\/p>\n<table class=\"shortdes-table\" style=\"width: 100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>Published By<\/td>\n<td>Publication Date<\/td>\n<td>Number of Pages<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/pdfstandards.shop\/product-category\/publishers\/bsi\/\"><b>BSI<\/b><\/a><\/td>\n<td>2021<\/td>\n<td>46<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":372748,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[704,2641],"product_tag":[],"class_list":{"0":"post-372741","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-35-240-80","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/372741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/372748"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=372741"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=372741"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=372741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}