 |
Return to detail page at www.hitsp.org | HITSP/SC109 |
| Prev TOC Next |
| HOME | ABOUT | MEMBERSHIP | NEWS & ANNOUNCEMENTS | MEETINGS | FAQ | CONTACT US | | Powered by American National Standards Institute |
|
Return to detail page at www.hitsp.org | HITSP/SC109 |
| Prev TOC Next |
The HITSP Security Audit Service Collaboration describes the mechanism to record security relevant events in support of policy, regulation, or risk analysis. It also provides the mechanism to determine the record format to support analytical reports that are needed. This Service Collaboration utilizes the following constructs:
HITSP/T15 Collect and Communicate Security Audit Trail
HITSP/T16 Consistent Time
For more information about the underlying capabilities, pre-conditions, post-conditions, data flows and other detailed information, please refer to the constructs that are used by this Service Collaboration.
This Service Collaboration document illustrates one internal view diagram and sequence table for each service interface. The diagrams are descriptive and the sequences are not mandatory. They may be affected by policy, chosen architecture, and implementation details. Conformance is measured against the underlying constructs.
Table 1-1 Service Collaboration Transactions and Data
|
Service Collaboration |
Service Collaboration Description |
Interface |
Interface Optionality [1] |
|
HITSP/SC109 |
Provides the mechanism to record security audit events |
Send Security Audit Event |
R |
There is one example diagram included for each service interface. The diagrams are descriptive and the sequences are not mandatory. They may be affected by policy, chosen architecture, and implementation details. Conformance is measured against the underlying constructs.
Figure 1-1 Security Audit External View Diagram
Table 1-2 List of Constructs
|
Construct |
Description |
|
HITSP/T15 - Collect and Communicate Security Audit Trail |
The Collect and Communicate Security Audit Trail Transaction is a means to provide assurance that security policies are being followed or enforced and that risks are being mitigated. This document describes the mechanisms to define and identify security relevant events and the data to be collected and communicated as determined by policy, regulation or risk analysis. It also provides the mechanism to determine the record format to support analytical reports that are needed |
|
HITSP/T16 - Consistent Time |
The Consistent Time Transaction provides a mechanism to ensure that all of the entities that are communicating within the network have synchronized system clocks |
Figure 1-2 Send Security Audit Internal View
Table 1-3 Send Security Audit Event Pre-conditions
|
Pre-conditions |
Uses SC, T, TP or C |
Interface |
Purpose |
|
Time has been synchronized |
HITSP/T16 - Consistent Time |
Time Client |
To synchronize time with well known time source |
Table 1-4 Send Security Audit Event Sequence of Constructs
|
Step Number |
Uses SC, T, TP or C |
Interface [2] |
Purpose |
|
1 |
HITSP/T15 - Collect and Communicate Security Audit Trail |
Audit Record Source |
Record audit event in the repository |
Table 1-5 Send Security Audit Event Post-conditions
|
Post-conditions |
Uses SC, T, TP or C |
Interface |
Purpose |
|
None
|
|
|
|
|
Return to detail page at www.hitsp.org | HITSP/SC109 |
| Prev TOC Next |