ISO 17090-3:2008为在医疗保健中部署数字证书时涉及的证书管理问题提供了指南。它规定了证书策略的结构和最低要求，以及相关认证实践声明的结构。 ISO 17090-3:2008还确定了医疗保健安全政策中跨境通信所需的原则，并定义了所需的最低安全级别，重点关注医疗保健特有的方面。

ISO 17090-3:2008 gives guidelines for certificate management issues involved in deploying digital certificates in healthcare. It specifies a structure and minimum requirements for certificate policies, as well as a structure for associated certification practice statements. ISO 17090-3:2008 also identifies the principles needed in a healthcare security policy for cross-border communication and defines the minimum levels of security required, concentrating on aspects unique to healthcare.