Name: BS ISO 17090-3:2008
Brand: BSI

BS ISO 17090-3:2008

Superseded

View Superseded by

Health informatics. Public key infrastructure Policy management of certification authority

Superseded date

03-22-2021

Published date

05-30-2008

Publisher

British Standards Institution

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Requirements for digital certificate policy
  management in a healthcare context
  5.1 General
  5.2 Need for a high level of assurance
  5.3 Need for a high level of infrastructure
      availability
  5.4 Need for a high level of trust
  5.5 Need for Internet compatibility
  5.6 Need to facilitate evaluation and
      comparison of CPs
6 Structure of healthcare CPs and healthcare CPSs
  6.1 General requirements for CPs
  6.2 General requirements for CPSs
  6.3 Relationship between a CP and a CPS
  6.4 Applicability
7 Minimum requirements for a healthcare CP
  7.1 General requirements
  7.2 Publication and repository responsibilities
  7.3 Identification and authentication
  7.4 Certificate life-cycle operational requirements
  7.5 Physical controls
  7.6 Technical security controls
  7.7 Certificate, CRL and OCSP profiles
  7.8 Compliance audit
  7.9 Other business and legal matters
8 Model PKI disclosure statement
  8.1 Introduction
  8.2 Structure of PKI disclosure statement
Bibliography

Gives guidelines for certificate management issues involved in deploying digital certificates in healthcare. It specifies a structure and minimum requirements for certificate policies, as well as a structure for associated certification practice statements.

Committee	IST/35
DevelopmentNote	Supersedes DD ISO/TS 17090-3 & 05/30139513 DC. (05/2008)
DocumentType	Standard
PublisherName	British Standards Institution
Status	Superseded
SupersededBy	BS ISO 17090-3:2021
Supersedes	DD ISO/TS 17090-3:2002
UnderRevision	DD ISO/TS 17090-3:2002

Standards	Relationship
ISO 17090-3:2008	Identical

ISO 17090-1:2013	Health informatics Public key infrastructure Part 1: Overview of digital certificate services
FIPS PUB 140 : 0001	SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
ISO/IEC TR 14516:2002	Information technology Security techniques Guidelines for the use and management of Trusted Third Party services
ISO 17090-2:2015	Health informatics Public key infrastructure Part 2: Certificate profile
ISO/IEC 15945:2002	Information technology — Security techniques — Specification of TTP services to support the application of digital signatures
ISO/IEC 27002:2013	Information technology Security techniques Code of practice for information security controls
ISO/IEC 10181-1:1996	Information technology Open Systems Interconnection Security frameworks for open systems: Overview
ISO/IEC 9594-8:2017	Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO 7498-2:1989	Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 2382-8:1998	Information technology Vocabulary Part 8: Security
ISO/IEC 8824-1:2015	Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation Part 1:
ENV 13608-1:2000	HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 1: CONCEPTS AND TERMINOLOGY
ISO/IEC 13335-1:2004	Information technology Security techniques Management of information and communications technology security Part 1: Concepts and models for information and communications technology security management