4.1 Certificate programs are typically offered by community colleges and universities, government agencies, employers, independent for-profit training organizations, and professional and trade associations. While quality guidelines do exist for continuing education and training providers in general (for example, ANSI/IACET 1-2013) and for entities offering personnel certification programs (for example, ANSI/ISO/IEC 17024:2012), currently, no quality guidelines exist specifically to aid entities offering certificate programs. This practice aims to change that and has been developed to:4.1.1 Provide certificate program developers and certificate issuers guidelines for quality program development and administration;4.1.2 Form the foundation for a recognition or accreditation system, or both, that enable consumers, employers, government agencies, and others who rely upon a skilled workforce to distinguish between qualified workers and those with fraudulent or less-than-quality credentials;4.1.3 Assist stakeholders in differentiating between certificate programs from personnel certification; and4.1.4 Assist stakeholders in differentiating certificate programs from other programs that confer certificates, including but not limited to certificates of attendance or certificates of participation.4.2 Currently, it is challenging to distinguish a certificate earned through the focused learning and assessment offered through a certificate program from one granted through other means. That a certificate is issued is not a distinguishing factor. The word“ certificate” is used broadly as a document awarded to designate the attainment or completion of something. An individual might receive a certificate from an education or training provider as verification of attendance at a learning event (often called a certificate of attendance) or receive a certificate as verification of active participation in a learning event’s learning experiences (often called a certificate of participation). The distribution of a certificate, however, does not indicate that the education or training program completed was a certificate program. In a certificate program, an individual participates in a learning event or series of events designed to assist him or her in achieving specified learning outcomes within a defined scope; the individual receives a certificate only after verification of successful completion of all program requisites including but not limited to an assessment of learner attainment of intended learning outcomes.4.3 It is also important to distinguish certificate programs from the certification of individuals. Certification is a process through which a nongovernmental entity grants a time-limited recognition to an individual after verifying that he or she has met established criteria for proficiency or competency, usually through an eligibility application and assessment. While certification eligibility criteria may specify a certain type or amount of education or training, the learning event(s) are not typically provided by the certifying body. Instead, the certifying body verifies education or training and experience obtained elsewhere through an application process and administers a standardized assessment of current proficiency or competency.4.4 In contrast, in a certificate program the learning event(s) and the assessment(s) are both developed and administered by the certificate issuer, and there is an essential link between them. That is, the learning event(s) are designed to help participants achieve learning outcomes and the assessment is designed to evaluate the learners’ attainment of those intended learning outcomes.4.5 Also, certifications have ongoing requirements for maintaining proficiency/competency and can be revoked for not meeting these ongoing requirements. In contrast, certificates do not have ongoing maintenance or renewal requirements and therefore, cannot be revoked.1.1 This practice provides guidance to certificate issuers for developing and administering quality certificate programs and to stakeholders for determining the quality of certificate programs.1.2 This practice includes requirements for both the entity issuing the certificate and requirements for the specific certificate programs for which it issues certificates.1.3 This practice provides the foundation for the recognition or accreditation, or both, of a specific entity to issue a specific certificate or certificates to individuals after successful completion of a certificate program.1.4 This practice does not address guidance pertaining to certification of individuals nor does it address guidance pertaining to education or training programs in general, including those that issue certificates of participation or certificates of attendance.1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

定价： 590元 / 折扣价： 502 元 加购物车

The policy defined by this practice is written from the perspective of healthcare relying parties. It defines a set of requirements to ensure that certificates, used for authentication, authorization, confidentiality, integrity, and nonrepudiation of health information by healthcare organizations and persons, have a minimally sufficient assurance level.This policy defines a healthcare public key infrastructure that can be used to implement other ASTM standards including Specification E2084 and Guide E2086.CA that implement procedures satisfying each requirement of the policy should reference the policy's OID in the appropriate fields within its certificates. Relying parties can recognize the inclusion of the policy's OID as an indication that the issuing CA has conformed to the requirements of the policy and that the certificates referencing the policy's OID may be used for healthcare purposes.CA that do not comply with all provisions of the policy must not assert the policy's OID in its certificates. A CA that complies with all but a limited number of provisions may reference the policy in its own policy, provided that it clearly states the specific deviations. For example, a healthcare organization might operate an internal CA that complies with all of the provisions of the basic individual certificate class except that it uses a noncomplying cryptographic module for the CA signer keys. The organization might want to use the policy as the basis for establishing trust with external relying parties. While it may not directly assert this policy using the OID, it may reference the policy in a document that includes statements explaining measures it has taken to protect the integrity of the CA signing key. Relying parties or CA wishing to facilitate cross-trust relationships must then make their own risk analysis to determine if the modified policy is adequate for the proposed usage. This assessment, while not as easy as that based upon full compliance, should be significantly facilitated by treating the policy as a reference standard from which to judge the modifications.Certificates and the certificate issuance process can vary in at least three distinct ways. The most frequently cited variation is about assurance. Assurance levels vary depending upon the degree of diligence applied in the registration, key generation, certificate issuance, certificate revocation, and private key protection. The required assurance level depends on the risks associated with a potential compromise. The federal PKI, among others, divides assurance into three classes. Rudimentary assurance involves very little control of either the registration process or key security. The federal PKI does not consider rudimentary assurance appropriate for healthcare use. Medium assurance involves a higher degree of diligence in the registration process and requires a number controls over CA keys. Medium assurance is designed for moderate risk applications. High assurance adds additional controls on the CA and subscriber keys as well as careful division of roles in the issuance process. These additions make high assurance certificates more appropriate for higher risk applications. Certificates may also vary depending upon the type of entity whose identity is bound to the certificate. Finally, certificates are often described in terms of appropriate and inappropriate uses.The policy does not define certificates in terms of assurance levels. Instead, it defines three classes of certificates (entity, basic individual, and clinical individual) that differ in terms of their primary intended use or purpose and in terms of their intended subscriber type. The three certificate classes are ordered so that the clinical individual certificate must meet all the requirements of the basic individual certificate and the basic individual certificate must meet all the requirements of the entity certificate.It is anticipated that the policy will be used to facilitate cross-licensing between healthcare CA. The policy is intended to provide a common reference point for establishing compatibility of purposes, representations, and practices among a number of autonomous healthcare CA.1.1 This practice covers a policy (“the policy”) for digital certificates that support the authentication, authorization, confidentiality, integrity, and nonrepudiation requirements of persons and organizations that electronically create, disclose, receive, or otherwise transact health information.1.2 This practice defines a policy for three classes of certificates: (1) entity certificates issued to computing components such as servers, devices, applications, processes, or accounts reflecting role assignment; (2) basic individual certificates issued to natural persons involved in the exchange of health information used for healthcare provisioning; and (3) clinical individual certificates issued to natural persons and used for authentication of prescriptive orders relating to the clinical treatment of patients.1.3 The policy defined by this practice covers: (1) definition of healthcare certificates, healthcare certification authorities, healthcare subscribers, and healthcare relying parties; (2) appropriate use of healthcare certificates; (3) general conditions for the issuance of healthcare certificates; (4) healthcare certificate formats and profile; and (5) requirements for the protection of key material.1.4 The policy establishes minimum responsibilities for healthcare certification authorities, relying parties, and certificate subscribers.

定价： 0元 / 折扣价： 0 元