DICOM PS3.15 2025e - Security and System Management Profiles

A.5.3.11 Security Alert

This message describes any event for which a node needs to report a security alert, e.g., a node authentication failure when establishing a secure communications channel.

Note

The Node Authentication event can be used to report both successes and failures. If reporting of success is done, this could generate a very large number of audit messages, since every authenticated DICOM association, HL7 transaction, and HTML connection should result in a successful node authentication. It is expected that in most situations only the failures will be reported.

Table A.5.3.11-1. Audit Message for Security Alert

| Real-World Entities | Field Name | Opt. | Value Constraints |
|---|---|---|---|
| Event: EventIdentification | EventID | M | EV (110113, DCM, "Security Alert") |
| | EventActionCode | M | Shall be: E (Execute) |
| | EventDateTime | M | Not specialized. |
| | EventOutcomeIndicator | M | Success implies an informative alert. The other failure values imply warning codes that indicate the severity of the alert. A Minor or Serious failure indicates that mitigation efforts were effective in maintaining system security. A Major failure indicates that mitigation efforts may not have been effective, and that the security system may have been compromised. |
| | EventTypeCode | M | DCID 403 “Security Alert Type Code”. |
| Active Participant: ActiveParticipant. Reporting person and/or process (1..2) | UserID | M | Not specialized. |
| | AlternativeUserID | U | Not specialized. |
| | UserName | U | Not specialized. |
| | UserIsRequestor | M | Not specialized. |
| | RoleIDCode | U | Not specialized. |
| | NetworkAccessPointTypeCode | U | Not specialized. |
| | NetworkAccessPointID | U | Not specialized. |
| Active Participant: ActiveParticipant. Performing persons and/or processes (0..N) | UserID | M | Not specialized. |
| | AlternativeUserID | U | Not specialized. |
| | UserName | U | Not specialized. |
| | UserIsRequestor | M | Shall be: false |
| | RoleIDCode | U | Not specialized. |
| | NetworkAccessPointTypeCode | U | Not specialized. |
| | NetworkAccessPointID | U | Not specialized. |
| Participant Object: ParticipantObjectIdentification. Alert subject (0..N) | ParticipantObjectTypeCode | M | Shall be: 2 (System Object) |
| | ParticipantObjectTypeCodeRole | U | Defined Terms: 5 (Master File); 13 (Security Resource) |
| | ParticipantObjectDataLifeCycle | U | Not specialized. |
| | ParticipantObjectIDTypeCode | M | Defined Terms: 12 (URI); DT (110182, DCM, "Node ID") |
| | ParticipantObjectSensitivity | U | Not specialized. |
| | ParticipantObjectID | M | For a ParticipantObjectIDTypeCode of 12 = URI, then this value shall be the URI of the file or other resource that is the subject of the alert. For a ParticipantObjectIDTypeCode of (110182, DCM, "Node ID") then the value shall include the identity of the node that is the subject of the alert either in the form of node_name@domain_name or as an IP address. Otherwise, the value shall be an identifier of the type specified by ParticipantObjectIDTypeCode of the subject of the alert. |
| | ParticipantObjectName | M | Not specialized. |
| | ParticipantObjectDetail | M | An element with the Attribute "type" equal to "Alert Description" shall be present with a free text description of the nature of the alert as the value. |
| | ParticipantObjectDescription | U | Not specialized. |
| | SOPClass | U | See Section A.5.2. |
| | Accession | U | Not specialized. |
| | NumberOfInstances | U | Not specialized. |
| | Instances | U | Not specialized. |
| | Encrypted | U | Not specialized. |
| | Anonymized | U | Not specialized. |
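
As an added example (not part of the DICOM standard text), the following Python validator checks a Security Alert record against the mandatory and "Shall be" constraints of Table A.5.3.11-1. The dict layout, the function names and the sample values are assumptions of this example; it does not model the XML encoding of the audit message.

```python
import ipaddress

# Dict layout is an assumption of this example; field names come from Table A.5.3.11-1.
NODE_ID = ("110182", "DCM", "Node ID")
OUTCOMES = {0: "Success", 4: "Minor failure", 8: "Serious failure", 12: "Major failure"}  # RFC 3881 values

def is_node_id(value):
    """True for an IP address or node_name@domain_name (strict form check, a simplification)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        name, sep, domain = value.partition("@")
        return bool(name and sep and domain)

def validate_security_alert(msg):
    """Return the violated constraints (empty list means none found)."""
    errs, ev = [], msg.get("Event", {})
    if ev.get("EventID") != ("110113", "DCM", "Security Alert"):
        errs.append("EventID")
    if ev.get("EventActionCode") != "E":
        errs.append("EventActionCode")
    if ev.get("EventOutcomeIndicator") not in OUTCOMES:
        errs.append("EventOutcomeIndicator")
    errs += [f for f in ("EventDateTime", "EventTypeCode") if not ev.get(f)]
    reporters = msg.get("Reporting", [])
    if not 1 <= len(reporters) <= 2:  # reporting participant is 1..2
        errs.append("Reporting count")
    if any(not p.get("UserID") or "UserIsRequestor" not in p for p in reporters):
        errs.append("Reporting participant")
    # Performing participants (0..N) must carry UserIsRequestor = false
    if any(not p.get("UserID") or p.get("UserIsRequestor") is not False for p in msg.get("Performing", [])):
        errs.append("Performing participant")
    for o in msg.get("AlertSubjects", []):
        if o.get("ParticipantObjectTypeCode") != 2:  # 2 = System Object
            errs.append("ParticipantObjectTypeCode")
        errs += [f for f in ("ParticipantObjectIDTypeCode", "ParticipantObjectID", "ParticipantObjectName") if not o.get(f)]
        if o.get("ParticipantObjectIDTypeCode") == NODE_ID and not is_node_id(str(o.get("ParticipantObjectID", ""))):
            errs.append("ParticipantObjectID format")
        details = o.get("ParticipantObjectDetail", [])
        if not any(d.get("type") == "Alert Description" and d.get("value") for d in details):
            errs.append("Alert Description")
    return errs

# Constructed sample; (110126, DCM, "Node Authentication") is a CID 403 code not listed on this page.
SAMPLE = {
    "Event": {"EventID": ("110113", "DCM", "Security Alert"), "EventActionCode": "E", "EventDateTime": "2025-01-01T00:00:00Z", "EventOutcomeIndicator": 4, "EventTypeCode": ("110126", "DCM", "Node Authentication")},
    "Reporting": [{"UserID": "archive1", "UserIsRequestor": False}],
    "AlertSubjects": [{"ParticipantObjectTypeCode": 2, "ParticipantObjectIDTypeCode": NODE_ID, "ParticipantObjectID": "192.0.2.10", "ParticipantObjectName": "modality-ct1", "ParticipantObjectDetail": [{"type": "Alert Description", "value": "TLS handshake failed: untrusted certificate"}]}],
}
```

An audit repository can run such a check on ingestion and route records whose EventOutcomeIndicator is 12 (Major failure) for immediate review, since the table ties that value to a possibly compromised security system.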

