Release Notes
- Updated CA:Aud to clarify that the creation of audit records can be done by any means (even non-standardized); querying and retrieval of audit records must be standardized (ITI-81, based on FHIR query operation), but only if the system is playing the role of a central Audit Record Repository (ARR). If the ARR is local, this is not required.
- Updated CA:Sec to clarify that there are two options for TLS: Mutual TLS and Server-side TLS (used in HTTPS).
- Updated CA:Sec Cross Profile Considerations to clarify grouping of CA:Sec actors using Server-side TLS option with the IUA profile, that also covers the ATNA STX: HTTPS IUA Option.
- Updated CA:Sec to clarify how a weak cipher is defined and provided examples.