MESA/Audit Repository
Audit Record Repository Test Cases
1 Audit Record Repository Tests
Introduction
We assume you are using an interactive terminal or terminal emulator and are logged on to the MESA test system. Change directory to $MESA_TARGET/mesa_tests/actors/audit_rep. Make sure the $MESA_TARGET and $MESA_STORAGE environment variables are set properly.
Integration Profiles and Test Procedures
The Audit Record Repository only participates in the Security Integration Profile. This document lists a number of tests for such repositories. Please refer to the IHE_YR4_Test_Requirements.xls spreadsheet to determine the required and optional tests.
Message Attributes
This section is applicable for other actors and other tests.
Message Values
This section is applicable for other actors and other tests.
Configuration
The Audit Record Repository scripts described below use an ASCII configuration file to identify parameters such as host names and port numbers. The configuration file is named audit_test.cfg and is included in the directory $MESA_TARGET/mesa_tests/rad/actors/audit_rep. Edit the file and change entries (host name, port number) that pertain to your system. Your system is identified by entries that begin with TEST. Read the Runtime Notes section of the Installation Guide to determine the proper settings for the MESA runtime environment.
Starting the MESA Servers
MESA servers are started from a DOS/CMD window or a terminal emulator. Follow these steps:
- Unix, unsigned certificates
  - cd $MESA_TARGET/mesa_tests/iti/actors/audit_rep
  - scripts/start_mesa_servers.csh [loglevel]
- Unix, signed certificates
  - cd $MESA_TARGET/mesa_tests/iti/actors/audit_rep
  - scripts/start_ca_signed.csh
- Windows, unsigned certificates
  - cd %MESA_TARGET%\mesa_tests\iti\actors\audit_rep
  - scripts\start_mesa_servers.bat [loglevel]
- Windows, signed certificates
  - cd %MESA_TARGET%\mesa_tests\iti\actors\audit_rep
  - scripts\start_ca_signed.bat [loglevel]
To stop the servers:
- Unix, unsigned certificates: scripts/stop_mesa_servers.csh [loglevel]
- Unix, signed certificates: scripts/stop_ca_signed.csh [loglevel]
- Windows, unsigned certificates: scripts\stop_mesa_servers.bat [loglevel]
- Windows, signed certificates: scripts\stop_ca_signed.bat [loglevel]
Log files are stored in $MESA_TARGET/logs.
Individual Tests
Each section below lists one test for an Audit Record Repository.
Test Instructions: 12xx and 15xx Tests
Each test is independent of the others. You must collect the results of one test before starting a new test.
1. Enter the Secure Node exam directory: mesa_tests/rad/actors/audit_rep.
2. Remember the MESA servers were started according to the directions in Starting the MESA Servers.
3. Start the interactive script for the desired test. Each perl script is found in <test>/<test>_client.pl. For example, to run test 1201:
perl 1201/1201_audit_rep.pl
4. Follow the directions of the test script. In most cases, you are merely waiting for messages from the MESA applications.
5. Answer the question or questions that are presented in this document. These questions are below and in the file audit_questions.txt. Modify this file and email the responses to the Project Manager.
If you want to run a different test, start at step 3.
Audit Record Repository Test 1201: Actor Start
This sequence sends an audit record to the Audit Record Repository under test. This test covers the basic functionality of transmitting the message and the proper XML format of the message. The Actor Start message is chosen as that is required of all actors and is independent of other IHE transactions.
References
Instructions
1. If not already done, start the MESA servers according to the directions in Starting the MESA Servers.
2. If not already done, start your Audit Record Repository server.
3. Run the script that sends one message to your Audit Record Repository:
perl 1201/1201_audit_rep.pl
4. Observe the data sent to your system. Create a text file labeled SYSTEM_1201.txt with the answer to this question:
- What is the type of actor that was started and what is the name of the local user?
5. Submit the text file to the Project Manager (not email).
Evaluation
Supplemental Information
Audit Record Repository Test 1202: System Configuration
This sequence sends an audit record to the Audit Record Repository under test. This test covers the basic functionality of transmitting the message and the proper XML format of the message. The System Configuration message is chosen as that is required of all actors and is independent of other IHE transactions.
References
Instructions
1. If not already done, start the MESA servers according to the directions in Starting the MESA Servers.
2. If not already done, start your Audit Record Repository server.
3. Run the script that sends one message to your Audit Record Repository:
perl 1202/1202_audit_rep.pl
4. Observe the data sent to your system. Create a text file called SYSTEM_1202.txt with the answers to these questions.
- What was the configuration change?
- What is the name of the local user who made the change?
5. Submit the file to the Project Manager (not email).
Evaluation
Supplemental Information
Audit Record Repository Test 1203: User Authentication
This sequence sends an audit record to the Audit Record Repository under test. This test covers the basic functionality of transmitting the message and the proper XML format of the message. The User Authentication message is chosen.
References
Instructions
1. If not already done, start the MESA servers according to the directions in Starting the MESA Servers.
2. If not already done, start your Audit Record Repository server.
3. Run the script that sends one message to your Audit Record Repository:
perl 1203/1203_audit_rep.pl
4. Observe the data sent to your system. Create a text file called SYSTEM_1203.txt with the answers to these questions.
- What is the name of the authenticated user?
5. Submit the file to the Project Manager (not email).
Evaluation
Supplemental Information
Audit Record Repository Test 1211: Time Synchronization
Time synchronization requires an external system that serves as an NTP server. The MESA tools do not include such a server, but they are readily available. If time permits, the Project Manager will load the time server software and allow access for participants. As of this version of the document, that is not available.
References
Instructions
1. Read about NTP at the site [[1]]
2. Select/locate a public NTP server. Follow any rules of etiquette posted for that server.
3. Configure your system to synchronize time with that public NTP server.
4. At exactly 13:00 local time, August 1, send an email to the Project Manager (just kidding).
Evaluation
Supplemental Information
We do not require proof that you have performed this test.
Audit Record Repository Test 1502: Pre-reg/Order Cancel/Reorder
This test covers all of the Audit Record messages from a sequence of events involving a number of different actors. Your system will receive all of the messages; you will then be asked to answer questions about those messages.
References
Instructions
1. If not already done, start the MESA servers according to the directions in Starting the MESA Servers.
2. If not already done, start your Audit Record Repository server.
3. Run the script that sends one message to your Audit Record Repository:
perl 1502/1502_audit_rep.pl
4. Observe the data sent to your system. Answer these questions and email response to the Project Manager:
5. Observe the data sent to your system. Create a text file called SYSTEM_1502.txt with the answers to these questions.
- Name all of the users who had access to the patient record of BROWN^JAMES
- Who was the last user who had access to the patient record of BROWN^JAMES?
6. Submit the file to the Project Manager (not email).
Evaluation
Supplemental Information
Audit Record Repository Test 1503: Unidentified #1
Audit Record Repository Test 1505: Unidentified #3
11107: ATNA -- Read ATNA testing policy for NA2010 Connectathon
A Change Proposal to the ATNA profile, approved in Sept 2009, affects the transport of audit records in the ATNA profile and prompts a new policy for testing ATNA at the 2010 North American Connectathon. We want to ensure that participants are not surprised by this change.
Instructions
1. Read the policy: http://ihewiki.wustl.edu/wiki/index.php/North_America_2010#ATNA_profile_testing_policy_for_NA2010_Connectathon
2. Create a text file stating that you have read the policy and upload that file as results for test 11107. If you have questions about the policy, contact the Connectathon Manager.
11115: ATNA Audit
The 11115 series of tests are designed to test only the transport of ATNA Audit Messages.
Instructions
Run test 11115-03 or 11115-04 as appropriate.
11115-01: ATNA Audit Transport RFC 3164
Should be filled in when we get a chance to update for the deprecated transport.
11115-02: ATNA Audit Transport TCP
TCP is not defined as one of the IHE approved Audit Transport mechanisms. This does not correspond to anything defined by IHE. It is a tool you can use to debug your application if you suspect a problem with TLS communication.
Instructions
- Start the MESA servers with signed certificates, as described above.
- Send an ATNA log message to your Audit Repository using RFC 5424 and TCP in place of the TLS specified in RFC 5425:
  - perl 11115/11115-02.pl host port
- Examine the audit message you receive. It should contain an ATNA Actor Startup event.
- Enter a note in Kudu indicating you received the audit message properly, including the BOM.
Notes
If you want to send this same message to the MESA Audit Repository:
- perl scripts/reset_servers.pl
- perl 11115/11115-02.pl localhost 4002
- Look in $MESA_TARGET/logs/syslog for last_log.txt (full message) and last_log.xml (the XML part without the BOM)
11115-03: ATNA Audit Transport RFC 5425
- The only cipher that should be used is TLS_RSA_WITH_AES_128_CBC_SHA
- RFC 5425 requires TLS 1.2. This version of MESA software uses OpenSSL 0.9.8k, which does not support TLS 1.2. There is some value in testing, but we need to get the proper software to test TLS 1.2.
References
Instructions
- Start the MESA servers with signed certificates, as described above.
- Send an ATNA log message to your Audit Repository using RFC 5424 and RFC 5425:
  - perl 11115/11115-03.pl host port
- Examine the audit message you receive. It should contain an ATNA Actor Startup event.
- Enter a note in Kudu indicating you received the audit message properly, including the BOM.
Notes
If you want to send this same message to the MESA Audit Repository:
- perl scripts/reset_servers.pl
- perl 11115/11115-03.pl localhost 4003
- Look in $MESA_TARGET/logs/syslog for last_log.txt (full message) and last_log.xml (the XML part without the BOM)
11115-04: ATNA Audit Transport RFC 5426
Instructions
- Start the MESA servers with signed certificates, as described above.
- Send an ATNA log message to your Audit Repository using RFC 5424 and RFC 5426:
  - perl 11115/11115-04.pl host port
- Examine the audit message you receive. It should contain an ATNA Actor Startup event.
- Enter a note in Kudu indicating you received the audit message properly, including the BOM.
Notes
If you want to send this same message to the MESA Audit Repository:
- perl scripts/reset_servers.pl
- perl 11115/11115-04.pl localhost 4001
- Look in $MESA_TARGET/logs/syslog for last_log.txt (full message) and last_log.xml (the XML part without the BOM)
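The receiving side of tests 11115-02, 11115-03 and 11115-04 can be checked with a small parser. The following is an added example, not MESA code: it splits the RFC 5425 octet-counted stream used on TCP/TLS, parses the RFC 5424 header, and reports whether the MSG part begins with the BOM before returning the XML. For RFC 5426 each UDP datagram is one message and goes straight to parse_syslog. The function names and the sample message are constructed for illustration.

```python
import re

BOM = b"\xef\xbb\xbf"  # UTF-8 byte order mark that precedes the MSG part
# PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
HEADER = re.compile(
    rb"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) "
    rb"(-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (.*))?", re.DOTALL)

def split_frames(stream: bytes) -> list:
    """Split a TCP/TLS byte stream framed as 'MSG-LEN SP SYSLOG-MSG' (RFC 5425)."""
    frames, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp < 0 or not stream[pos:sp].isdigit():
            raise ValueError("bad MSG-LEN at offset %d" % pos)
        end = sp + 1 + int(stream[pos:sp])
        if end > len(stream):
            raise ValueError("truncated frame")  # wait for more data in a real receiver
        frames.append(stream[sp + 1:end])
        pos = end
    return frames

def parse_syslog(msg: bytes) -> dict:
    """Parse one RFC 5424 message and separate the BOM from the XML payload."""
    m = HEADER.fullmatch(msg)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri, body = int(m.group(1)), m.group(9) or b""
    has_bom = body.startswith(BOM)
    return {
        "facility": pri >> 3, "severity": pri & 7,
        "msgid": m.group(7).decode("ascii"),
        "has_bom": has_bom,
        "xml": (body[len(BOM):] if has_bom else body).decode("utf-8"),
    }

# Constructed sample, not MESA output: PRI 85 = facility 10, severity 5.
SAMPLE_XML = b'<AuditMessage><EventIdentification EventActionCode="E"/></AuditMessage>'
SAMPLE_MSG = (b"<85>1 2010-01-11T10:00:00Z node.example.org mesa 1234 IHE+RFC-3881 - "
              + BOM + SAMPLE_XML)
SAMPLE_STREAM = b"".join(b"%d %s" % (len(m), m) for m in (SAMPLE_MSG, SAMPLE_MSG))

if __name__ == "__main__":
    for frame in split_frames(SAMPLE_STREAM):
        rec = parse_syslog(frame)
        print(rec["msgid"], "BOM present:", rec["has_bom"], rec["xml"][:40])
```

MSG-LEN counts octets, so the three BOM bytes are included in the frame length; a receiver that counts characters instead will misalign every following frame.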
11121: ATNA Audit: Patient Records
For test 11121, the system under test is asked to generate three or more audit messages. The user collects the messages and sends them to the Project Manager for distribution to other systems.
References
Instructions
1. Generate three (3) or more Audit Record messages containing at least one record for:
- User Authentication
- Patient Record Access
If the Patient Record Access is not pertinent, substitute a different event (PHI export). The third record is of your choosing.
2. Place each message in a separate XML file and tar/zip the collection together. Name the tar/zip file using the system name found in the Kudu web tool.
3. Submit the tar/zip file to the Project Manager. The Project Manager will distribute to other vendors for testing.
4. Please submit the records 2 weeks in advance of the normal deadline to allow distribution to other systems.
ATNA Audit Record Repository Test 11121: Actor Start
This sequence sends an audit record to the Audit Record Repository under test. This test covers the basic functionality of transmitting the message and the proper XML format of the message. The Actor Start message is chosen as that is required of all actors and is independent of other IHE transactions.
References
Instructions
1. If not already done, start the MESA servers according to the directions in Starting the MESA Servers.
2. If not already done, start your Audit Record Repository server.
3. Run the script that sends one message to your Audit Record Repository:
perl 11121/11121_audit_rep.pl
4. Observe the data sent to your system. Create a text file called SYSTEM_11121.txt with the answers to these questions.
- What is the type of actor that was started and what is the name of the local user?
5. Submit the file to the Project Manager (not email).
Evaluation
Supplemental Information
ATNA Audit Record Repository Test 11122: System Configuration
This sequence sends an audit record to the Audit Record Repository under test. This test covers the basic functionality of transmitting the message and the proper XML format of the message. The System Configuration message is chosen as that is required of all actors and is independent of other IHE transactions.
References
Instructions
1. If not already done, start the MESA servers according to the directions in Starting the MESA Servers.
2. If not already done, start your Audit Record Repository server.
3. Run the script that sends one message to your Audit Record Repository:
perl 11122/11122_audit_rep.pl
4. Observe the data sent to your system. Create a text file called SYSTEM_11122.txt with the answers to these questions.
- What was the configuration change?
- What is the name of the local user who made the change?
5. Submit the file to the Project Manager (not email).
Evaluation
Supplemental Information
ATNA Audit Record Repository Test 11123: User Authentication
This sequence sends an audit record to the Audit Record Repository under test. This test covers the basic functionality of transmitting the message and the proper XML format of the message. The User Authentication message is chosen.
References
Instructions
1. If not already done, start the MESA servers according to the directions in Starting the MESA Servers.
2. If not already done, start your Audit Record Repository server.
3. Run the script that sends one message to your Audit Record Repository:
perl 11123/11123_audit_rep.pl
4. Observe the data sent to your system. Create a text file called SYSTEM_11123.txt with the answers to these questions.
- What is the name of the authenticated user?
5. Submit the file to the Project Manager (not email).
Evaluation
Supplemental Information
ATNA Audit Record Repository Test 11125: Patient Record
This test covers all of the Audit Record messages from a sequence of events involving a number of different actors. Your system will receive all of the messages; you will then be asked to answer questions about those messages.
References
Instructions
1. If not already done, start the MESA servers according to the directions in Starting the MESA Servers.
2. If not already done, start your Audit Record Repository server.
3. Run the script that sends one message to your Audit Record Repository:
perl 11125/11125_audit_rep.pl
4. Observe the data sent to your system. Create a text file called SYSTEM_11125.txt with the answers to these questions.
- Name all of the users who had access to the patient record of Sick^Patient
5. Submit the file to the Project Manager (not email).
Evaluation
Supplemental Information
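The question in test 11125 is the kind of query an Audit Record Repository has to answer from stored records. The following is an added example, not MESA code, and it assumes the stored messages use the RFC 3881 AuditMessage layout without namespaces; the helper names, user IDs and timestamps are constructed. It lists the requesting users for one patient name and orders events by actual time rather than by timestamp string.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

def users_with_access(messages, patient_name):
    """Return (users in order of first access, last user) for one patient name."""
    hits = []
    for raw in messages:
        root = ET.fromstring(raw)
        is_patient = any(
            obj.get("ParticipantObjectTypeCode") == "1"          # 1 = person
            and obj.get("ParticipantObjectTypeCodeRole") == "1"  # 1 = patient
            and (obj.findtext("ParticipantObjectName") or "").strip() == patient_name
            for obj in root.iter("ParticipantObjectIdentification"))
        if not is_patient:
            continue
        # Parse the offset-aware timestamp so records from different zones compare correctly.
        when = datetime.fromisoformat(
            root.find("EventIdentification").get("EventDateTime"))
        for ap in root.iter("ActiveParticipant"):
            if ap.get("UserIsRequestor", "true") == "true":
                hits.append((when, ap.get("UserID")))
    hits.sort()
    users = list(dict.fromkeys(user for _, user in hits))  # de-duplicate, keep order
    return users, (hits[-1][1] if hits else None)

def make_record(when, user, patient):
    """Build a trimmed, constructed RFC 3881 record (not schema-complete)."""
    return (
        '<AuditMessage>'
        '<EventIdentification EventActionCode="R" EventDateTime="%s" '
        'EventOutcomeIndicator="0"/>'
        '<ActiveParticipant UserID="%s" UserIsRequestor="true"/>'
        '<ParticipantObjectIdentification ParticipantObjectID="ID-1" '
        'ParticipantObjectTypeCode="1" ParticipantObjectTypeCodeRole="1">'
        '<ParticipantObjectName>%s</ParticipantObjectName>'
        '</ParticipantObjectIdentification></AuditMessage>') % (when, user, patient)

# Constructed sample records; bob's access (15:30 UTC) precedes alice's (16:00 UTC).
SAMPLE_MESSAGES = [
    make_record("2010-01-11T10:00:00-06:00", "alice", "Sick^Patient"),
    make_record("2010-01-11T11:30:00-04:00", "bob", "Sick^Patient"),
    make_record("2010-01-11T12:00:00-05:00", "carol", "Other^Person"),
]

if __name__ == "__main__":
    print(users_with_access(SAMPLE_MESSAGES, "Sick^Patient"))
```

The Python documentation states that xml.etree.ElementTree is not secure against maliciously constructed data, so a repository that accepts records from untrusted senders should parse with a hardened library such as defusedxml.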
