DICOM PS3.15 2024c - Security and System Management Profiles |
---|
This message describes any event for which a node needs to report a security alert, e.g., a node authentication failure when establishing a secure communications channel.
The Node Authentication event can be used to report both successes and failures. If reporting of success is done, this could generate a very large number of audit messages, since every authenticated DICOM association, HL7 transaction, and HTML connection should result in a successful node authentication. It is expected that in most situations only the failures will be reported.
Table A.5.3.11-1. Audit Message for Security Alert
Success implies an informative alert. The other failure values imply warning codes that indicate the severity of the alert. A Minor or Serious failure indicates that mitigation efforts were effective in maintaining system security. A Major failure indicates that mitigation efforts may not have been effective, and that the security system may have been compromised. |
|||
Values selected from DCID 403 “Security Alert Type Code”. |
|||
For a ParticipantObjectIDTypeCode of 12 = URI, then this value shall be the URI of the file or other resource that is the subject of the alert. For a ParticipantObjectIDTypeCode of (110182, DCM, "Node ID") then the value shall include the identity of the node that is the subject of the alert either in the form of node_name@domain_name or as an IP address. Otherwise, the value shall be an identifier of the type specified by ParticipantObjectIDTypeCode of the subject of the alert. |
|||
An element with the Attribute "type" equal to "Alert Description" shall be present with a free text description of the nature of the alert as the value |
|||
See Table A.5.2-1 |
|||
DICOM PS3.15 2024c - Security and System Management Profiles |
---|