EVS-EN ISO 22600-3:2014

This multi part International Standard defines privilege management and access control services required for communication and use of distributed health information over domain and security borders. The document introduces principles and specifies services needed for managing privileges and access control. It specifies the necessary component-based concepts and is intended to support their technical implementation. It does not specify the use of these concepts in particular clinical process pathways nor does it address the safety concerns, if any, associated with their use.
While Part 1 is a narrative introduction to the problem of policy bridging in the context of inter-organizational communication and co-operation, Part 2 defines a generic development process for analysing, designing, implementing and deploying semantically health information systems. The security services needed due to legal, social, organisational, user-related, functional and technological requirements have to be embedded in the advanced and sustainable system architecture meeting the paradigms for semantic interoperability.
This Part 3 of the ISO 26000 instantiates requirements for repositories for access control policies and requirements for privilege management infrastructures. It provides implementation examples of the formal models specified in Part 2.
This International Standard excludes platform-specific and implementation details. It does not specify technical communication security services, authentication techniques and protocols that have been established in other standards such as, e.g., ISO 7498-2 Information processing systems, Open Systems Interconnection, Basic Reference Model - Part 2: Security Architecture, ISO/IEC 10745 (ITU-T X.803), ISO/IEC 13594 - IT-Lower layers security (ITU-T X.802) and ISO/IEC 10181-1 (ITU-T X.810), ISO/IEC 9594-8 Information technology - Open Systems Interconnection - The Directory – Part 8 – Authentication framework (equiv. to ITU-T/X.509, ISO/IEC 9796 Security techniques, Digital signature scheme giving message recovery, multiple Parts (1-2), ISO/IEC 9797 Security techniques, Message authentication codes, ISO/IEC 9798 Information technology – Security techniques – Entity authentication.