ASTM E2595-2007 权限管理基础组织的标准指南
作者:标准资料网
时间:2024-05-12 08:28:33
浏览:8720
来源:标准资料网
下载地址: 点击此处下载
【英文标准名称】:StandardGuideforPrivilegeManagementInfrastructure
【原文标准名称】:权限管理基础组织的标准指南
【标准号】:ASTME2595-2007
【标准状态】:现行
【国别】:
【发布日期】:2007
【实施或试行日期】:
【发布单位】:美国材料与试验协会(US-ASTM)
【起草单位】:E31.25
【标准类型】:(Guide)
【标准水平】:()
【中文主题词】:信息技术;管理;安全管理;服务设施
【英文主题词】:accesscontrol;delegation;healthcareenvironment;PMI;privilegemanagementinfrastructure;security
【摘要】:MotivationforthePMIcomesfromseveralorganizationalandapplicationareas.Forexample:Supportingadistributedheterogeneousapplicationarchitecturewithahomogeneousdistributedsecurityinfrastructureleveragedacrosstheenterprise;providinguserandserviceidentitiesandpropagation;andprovidingacommon,consistentsecurityauthorizationandaccesscontrolinfrastructure.Providingmechanismstodescribeandenforceenterprisesecuritypolicysystematicallythroughouttheorganizationforconsistency,maintenance,andeaseofmodificationandtodemonstratecompliancetoapplicableregulationandlaw.Providingsupportfordistributed/service-orientedarchitecturesinwhichenterprise-wideservicesandauthoritativesourcesareprotectedbyprovidingsecurityservicesthatthemselvesarealsodistributedusingcommoninterfacesandcommunicationprotocols.Providingx201C;economiesofscalex201D;whereitisdesiredtochangetheapproachofindividuallymanagingtheconfigurationofeachpointofenforcementtoonethatestablishesaconsolidatedviewofthesafeguardsineffectthroughouttheenterprise.Providingcentralizedcontrol,management,andvisibilitytosecuritypolicyacrosstheenterpriseandwhenconnectingtootherorganizations.Thisallowsforadditionalkeyfeaturessuchasdelegatedadministration,centralizedpolicyanalysis,andconsolidatedreporting.Providingadistributedcomputingsecurityarchitectureallowingforsynchronizedsecurityservicesthatareefficientlymaintainedacrosstheenterprisewhilealsoallowingforcentralizedpolicycontrolanddistributedpolicydecision-making/enforcement.Ensuringpropersecuritycontrolsareenactedforeachserviceandwhenusedincombination.Provisioningincrementalupdatestopolicyandconfigurationdatasimultaneouslyacrossalldistributeddecision/enforcementpoints.Establishingandenforcingnewpoliciesnotenvisionedwhenindividualapplicationswerefieldedandadaptingtonewrequirementsandthreats.Managingidentityandsecurityimplementedinadiversemixofnewandoldtechnologies.Permittinganorganizationtogrant,suspend,orrevokecentrallyanyorallabilitytoconnecttooraccessenterpriseresourceseitherindividuallyorcollectivelyandwiththecapabilitytoenforcethesepoliciesatrun-time.Supportingaccessdecisionsthataresensitivetoauserx2019;scredentialsinadditiontoidentity.Forexample,theusermayhavetobealicensedhealthcareprofessionaltoaccessamedicalrecord.SupportingDelegation8212;Ausermightdelegateaccessforaresourcetoanotheruser(forexample,aphysicianmightdelegateaccesstohispatientx2019;srecordstoaspecialist).Thisshowstheneedforadelegationcapabilityforsomeapplications.SupportingSenderVerification8212;Whenauserreceivesasigneddocument,heshallbesurethesenderwas,insomesense,authorizedtosignandsendthedocument.Asimpleexamplewouldbeaprescriptionthatshallbesignedbyadoctor.Asimpleidentitycertificateisinsufficient,asitdoesnotindicatethesenderx2019;scredentials(thatis,thatheisadoctor).SupportingDocumentCosigning8212;Multipleexamplesexistinwhichmorethanonesignatureisrequiredonadocument(2).Forexample,atranscriptionisttranscribesandsignsadocument,butitisnotavalidpartoftherecorduntilitisreviewedandsignedbytheprimarycarephysician.Similarmechanismscanbeusedtoprovidecosig......
【原文标准名称】:权限管理基础组织的标准指南
【标准号】:ASTME2595-2007
【标准状态】:现行
【国别】:
【发布日期】:2007
【实施或试行日期】:
【发布单位】:美国材料与试验协会(US-ASTM)
【起草单位】:E31.25
【标准类型】:(Guide)
【标准水平】:()
【中文主题词】:信息技术;管理;安全管理;服务设施
【英文主题词】:accesscontrol;delegation;healthcareenvironment;PMI;privilegemanagementinfrastructure;security
【摘要】:MotivationforthePMIcomesfromseveralorganizationalandapplicationareas.Forexample:Supportingadistributedheterogeneousapplicationarchitecturewithahomogeneousdistributedsecurityinfrastructureleveragedacrosstheenterprise;providinguserandserviceidentitiesandpropagation;andprovidingacommon,consistentsecurityauthorizationandaccesscontrolinfrastructure.Providingmechanismstodescribeandenforceenterprisesecuritypolicysystematicallythroughouttheorganizationforconsistency,maintenance,andeaseofmodificationandtodemonstratecompliancetoapplicableregulationandlaw.Providingsupportfordistributed/service-orientedarchitecturesinwhichenterprise-wideservicesandauthoritativesourcesareprotectedbyprovidingsecurityservicesthatthemselvesarealsodistributedusingcommoninterfacesandcommunicationprotocols.Providingx201C;economiesofscalex201D;whereitisdesiredtochangetheapproachofindividuallymanagingtheconfigurationofeachpointofenforcementtoonethatestablishesaconsolidatedviewofthesafeguardsineffectthroughouttheenterprise.Providingcentralizedcontrol,management,andvisibilitytosecuritypolicyacrosstheenterpriseandwhenconnectingtootherorganizations.Thisallowsforadditionalkeyfeaturessuchasdelegatedadministration,centralizedpolicyanalysis,andconsolidatedreporting.Providingadistributedcomputingsecurityarchitectureallowingforsynchronizedsecurityservicesthatareefficientlymaintainedacrosstheenterprisewhilealsoallowingforcentralizedpolicycontrolanddistributedpolicydecision-making/enforcement.Ensuringpropersecuritycontrolsareenactedforeachserviceandwhenusedincombination.Provisioningincrementalupdatestopolicyandconfigurationdatasimultaneouslyacrossalldistributeddecision/enforcementpoints.Establishingandenforcingnewpoliciesnotenvisionedwhenindividualapplicationswerefieldedandadaptingtonewrequirementsandthreats.Managingidentityandsecurityimplementedinadiversemixofnewandoldtechnologies.Permittinganorganizationtogrant,suspend,orrevokecentrallyanyorallabilitytoconnecttooraccessenterpriseresourceseitherindividuallyorcollectivelyandwiththecapabilitytoenforcethesepoliciesatrun-time.Supportingaccessdecisionsthataresensitivetoauserx2019;scredentialsinadditiontoidentity.Forexample,theusermayhavetobealicensedhealthcareprofessionaltoaccessamedicalrecord.SupportingDelegation8212;Ausermightdelegateaccessforaresourcetoanotheruser(forexample,aphysicianmightdelegateaccesstohispatientx2019;srecordstoaspecialist).Thisshowstheneedforadelegationcapabilityforsomeapplications.SupportingSenderVerification8212;Whenauserreceivesasigneddocument,heshallbesurethesenderwas,insomesense,authorizedtosignandsendthedocument.Asimpleexamplewouldbeaprescriptionthatshallbesignedbyadoctor.Asimpleidentitycertificateisinsufficient,asitdoesnotindicatethesenderx2019;scredentials(thatis,thatheisadoctor).SupportingDocumentCosigning8212;Multipleexamplesexistinwhichmorethanonesignatureisrequiredonadocument(2).Forexample,atranscriptionisttranscribesandsignsadocument,butitisnotavalidpartoftherecorduntilitisreviewedandsignedbytheprimarycarephysician.Similarmechanismscanbeusedtoprovidecosig......
下载地址:
点击此处下载