• Shopping Cart
    There are no items in your cart

BS EN 12251:2004

Current

Current

The latest, up-to-date edition.

Health informatics. Secure user identification for health care. Management and security of authentication by passwords

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

03-09-2004

€165.94
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements
  4.1 Unique identification and authentication
  4.2 Identification and authentication prior to all
       other interactions
  4.3 Associating unique identity with users
  4.4 Maintaining the identity of active users
  4.5 Log-on message
  4.6 Number of log-on trials
  4.7 Incorrectly performed log-on procedure
  4.8 Display of log-on statistics
  4.9 Password sharing
  4.10 Password storage
  4.11 Logging of passwords
  4.12 Password display suppression
  4.13 User-changeability of passwords
  4.14 Default passwords
  4.15 Initialised passwords
  4.16 Temporary passwords
  4.17 Password expiration
  4.18 Password expiration notification
  4.19 Password reuse
  4.20 Password complexity
Annex A (informative) Potential password complexity
                      requirements
Annex B (informative) User responsibilities
Annex C (informative) Password communication
Bibliography

Designed to improve the authentication of individual users of health care IT system, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities.

Committee
IST/35
DevelopmentNote
Supersedes DD ENV 12251. (09/2004)
DocumentType
Standard
Pages
16
PublisherName
British Standards Institution
Status
Current
Supersedes

This document is designed to improve the authentication of individual users of health care IT systems, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities. This document applies to all information systems (hereafter called systems) within the health care environment that handle or store sensitive person identifiable health information, using passwords as the only means of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems that fall within the scope of this document include for example electronic patient record systems, patient administrative systems and laboratory systems, containing personal health information. This document does not apply to systems outside the health care environment. Neither does it apply to systems within the health care environment that use other means of identification and authentication, such as smart cards, biometric methods or other technical facilities.

Standards Relationship
SN EN 12251 : 2005 Identical
NF EN 12251 : 2004 Identical
UNI EN 12251 : 2004 Identical
EN 12251:2004 Identical
NEN EN 12251 : 2004 Identical
NS EN 12251 : 1ED 2004 Identical
I.S. EN 12251:2004 Identical
DIN EN 12251:2005-07 Identical
NBN EN 12251 : 2004 Identical
UNE-EN 12251:2004 Identical

ECMA 205 : 1ED 93 COMMERCIALLY ORIENTED FUNCTIONALITY CLASS FOR SECURITY EVALUATION (COFC)
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.