DICOM PS3.15 2024d - Security and System Management Profiles |
---|
The following subsections define message specializations for use by implementations that claim conformance to the DICOM Audit Trail Profile. Any field (i.e., XML element and associated attributes) not specifically mentioned in the following tables shall follow the conventions specified in Section A.5.1 and Section A.5.2.
An implementation claiming conformance to this Profile that reports an activity covered by one of the audit messages defined by this Profile shall use the message format defined in this Profile. However, a system claiming conformance to this Profile is not required to send a message each time the activity reported by that audit message occurs. It is expected that the triggering of audit messages would be configurable on an individual basis, to be able to balance network load versus the severity of threats, in accordance with local security policies.
It is a system design issue outside the scope of DICOM as to what entity actually sends an audit event and when. For example, a Query message could be generated by the entity where the query originated, by the entity that eventually would respond to the query, or by a monitoring entity not directly involved with the query, but that generates audit messages based on monitored network traffic.
To report events that are similar to the events described here, these definitions can be used as the basis for extending the schema.
In the subsequent tables, the information entity column indicates the relationship between real world entities and the information elements encoded into the message.
This audit message describes the event of an Application Entity starting or stopping. This is closely related to the more general case of any kind of application startup or shutdown, and may be suitable for those purposes also.
Table A.5.3.1-1. Application Activity Message
DICOM PS3.15 2024d - Security and System Management Profiles |
---|