EN 12251:2004
Current
The latest, up-to-date edition.
Health informatics - Secure User Identification for Health Care - Management and Security of Authentication by Passwords
18-08-2004
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements
4.1 Unique identification and authentication
4.2 Identification and authentication prior to all other
interactions
4.3 Associating unique identity with users
4.4 Maintaining the identity of active users
4.5 Log-on message
4.6 Number of log-on trials
4.7 Incorrectly performed log-on procedure
4.8 Display of log-on statistics
4.9 Password sharing
4.10 Password storage
4.11 Logging of passwords
4.12 Password display suppression
4.13 User-changeability of passwords
4.14 Default passwords
4.15 Initialised passwords
4.16 Temporary passwords
4.17 Password expiration
4.18 Password expiration notification
4.19 Password reuse
4.20 Password complexity
Annex A (informative) Potential password complexity
requirements
Annex B (informative) User responsibilities
Annex C (informative) Password communication
Bibliography
This document is designed to improve the authentication of individual users of health care IT systems, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities.This document applies to all information systems (hereafter called systems) within the health care environment that handle or store sensitive person identifiable health information, using passwords as the only means of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems that fall within the scope of this document include for example electronic patient record systems, patient administrative systems and laboratory systems, containing personal health information.This document does not apply to systems outside the health care environment. Neither does it apply to systems within the health care environment that use other means of identification and authentication, such as smart cards, biometric methods or other technical facilities.
Committee |
CEN/TC 251
|
DevelopmentNote |
Supersedes ENV 12251. (09/2004)
|
DocumentType |
Standard
|
PublisherName |
Comite Europeen de Normalisation
|
Status |
Current
|
Standards | Relationship |
PN EN 12251 : NOV 2005 | Identical |
SN EN 12251 : 2005 | Identical |
NF EN 12251 : 2004 | Identical |
UNI EN 12251 : 2004 | Identical |
BS EN 12251:2004 | Identical |
NEN EN 12251 : 2004 | Identical |
NS EN 12251 : 1ED 2004 | Identical |
I.S. EN 12251:2004 | Identical |
DIN EN 12251:2005-07 | Identical |
NBN EN 12251 : 2004 | Identical |
UNE-EN 12251:2004 | Identical |
ECMA 205 : 1ED 93 | COMMERCIALLY ORIENTED FUNCTIONALITY CLASS FOR SECURITY EVALUATION (COFC) |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.