IEC TR 80001-2-8:2016
TECHNICAL REPORT
Copyright © 2016 IEC, Geneva, Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.
IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
info@iec.ch
www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition, a corrigenda or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue
The stand-alone application for consulting the entire bibliographical information on IEC International Standards, Technical Specifications, Technical Reports and other documents. Available for PC, Mac OS, Android Tablets and iPad.
IEC publications search - www.iec.ch/searchpub
The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical committee,…). It also gives information on projects, replaced and withdrawn publications.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and also once a month by email.
Electropedia - www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing 20 000 terms and definitions in English and French, with equivalent terms in 15 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online.
IEC Glossary - std.iec.ch/glossary
65 000 electrotechnical terminology entries in English and French extracted from the Terms and Definitions clause of IEC publications issued since 2002. Some entries have been collected from earlier publications of IEC TC 37, 77, 86 and CISPR.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: csc@iec.ch.
IEC TR 80001-2-8
TECHNICAL REPORT
INTERNATIONAL ELECTROTECHNICAL COMMISSION
Warning! Make sure that you obtained this publication from an authorized distributor.
– 2 – IEC TR 80001-2-8:2016 © IEC 2016
CONTENTS
FOREWORD ... 4
INTRODUCTION ... 6
1 Scope ... 9
2 Normative references ... 9
3 Terms and definitions ... 10
4 Guidance for establishing SECURITY CAPABILITIES ... 13
4.1 General ... 13
4.2 Automatic log off – ALOF ... 14
4.3 Audit controls – AUDT ... 15
4.4 Authorization – AUTH ... 17
4.5 Configuration of security features – CNFS ... 19
4.6 Cyber security product upgrades – CSUP ... 21
4.7 HEALTH DATA de-identification – DIDT ... 24
4.8 Data backup and disaster recovery – DTBK ... 25
4.9 Emergency access – EMRG ... 27
4.10 HEALTH DATA integrity and authenticity – IGAU ... 28
4.11 Malware detection/protection – MLDP ... 30
4.12 Node authentication – NAUT ... 32
4.13 Person authentication – PAUT ... 35
4.14 Physical locks on device – PLOK ... 37
4.15 Third-party components in product lifecycle roadmaps – RDMP ... 39
4.16 System and application hardening – SAHD ... 42
4.17 Security guides – SGUD ... 44
4.18 HEALTH DATA storage confidentiality – STCF ... 47
4.19 Transmission confidentiality – TXCF ... 48
4.20 Transmission integrity – TXIG ... 50
Bibliography ... 51
The main task of IEC technical committees is to prepare International Standards. However, a technical committee may propose the publication of a technical report when it has collected data of a different kind from that which is normally published as an International Standard, for example "state of the art".
IEC 80001-2-8, which is a technical report, has been prepared by subcommittee 62A: Common aspects of electrical equipment used in medical practice, of IEC technical committee 62: Electrical equipment in medical practice, and ISO technical committee 215: Health informatics. 1)
___________
1) This document contains original material that is © 2013, Dundalk Institute of Technology, Ireland. Permission is granted to ISO and IEC to reproduce and circulate this material, this being without prejudice to the rights of Dundalk Institute of Technology to exploit the original text elsewhere.
The text of this technical report is based on the following documents of IEC:
Full information on the voting for the approval of this technical report can be found in the report on voting indicated in the above table. In ISO, the standard has been approved by 14 P-members out of 31 having cast a vote.
Terms used throughout this technical report that have been defined in Clause 3 appear in SMALL CAPITALS.
A list of all parts of the IEC 80001 series, published under the general title Application of risk management for IT-networks incorporating medical devices, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.
INTRODUCTION
The IEC 80001-1 standard, the Application of risk management to IT-networks incorporating medical devices, provides the roles, responsibilities and activities necessary for RISK MANAGEMENT. IEC TR 80001-2-2, the Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls, is a technical report that provides additional guidance in relation to how SECURITY CAPABILITIES might be referenced (disclosed and discussed) in both the RISK MANAGEMENT PROCESS and stakeholder communications and agreements. This technical report provides guidance for the establishment of each of the SECURITY CAPABILITIES presented in IEC TR 80001-2-2.
IEC TR 80001-2-2 contains an informative set of common, descriptive SECURITY CAPABILITIES intended to be the starting point for a security-centric discussion between the vendor and purchaser or among a larger group of stakeholders involved in a MEDICAL DEVICE IT-NETWORK project. Scalability is possible across a range of different sizes of RESPONSIBLE ORGANIZATIONS (henceforth called healthcare delivery organizations – HDOs) as each evaluates RISK using the SECURITY CAPABILITIES and decides what to include or not to include according to their RISK tolerance and available resources. This documentation can be used by HDOs as input to their IEC 80001 PROCESS or to form the basis of RESPONSIBILITY AGREEMENTS among stakeholders.
Other IEC 80001 technical reports will provide step-by-step guidance in the RISK MANAGEMENT PROCESS. IEC TR 80001-2-2 SECURITY CAPABILITIES encourage the disclosure of more detailed SECURITY CONTROLS. This technical report identifies SECURITY CONTROLS from key security standards which aim to provide guidance to a RESPONSIBLE ORGANIZATION when adapting the framework outlined in IEC TR 80001-2-2.
The framework outlined in IEC TR 80001-2-2 requires shared responsibility between HDOs and MEDICAL DEVICE manufacturers (MDMs). Similarly, this guidance applies to both stakeholders, as a shared responsibility, to ensure safe MEDICAL DEVICE IT networks. In order to build a secure MEDICAL DEVICE IT network a joint effort from both stakeholders is required.
This report presents the 19 SECURITY CAPABILITIES, their respective "requirement goal" and "user need" (identical to that in IEC TR 80001-2-2) with a corresponding list of SECURITY CONTROLS from a number of security standards. The security standards used for mapping SECURITY CONTROLS to SECURITY CAPABILITIES include 4):
___________
4) The selection of security standards used in this technical report does not represent an exhaustive list of all potentially useful standards.
1) select controls within the PROCESS of implementing a MEDICAL DEVICE system based on ISO/IEC 27001;
2) implement commonly accepted information SECURITY CONTROLS;
3) develop their own information security management guidelines.
• ISO 27799:— 5), Health informatics – Information security management in health using ISO/IEC 27002
This standard defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard.
It specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, HDOs and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information.
___________
5) To be published.
1 Scope
This part of IEC 80001, which is a Technical Report, provides guidance to Health Delivery Organizations (HDOs) and MEDICAL DEVICE manufacturers (MDMs) for the application of the framework outlined in IEC TR 80001-2-2. Managing the RISK in connecting MEDICAL DEVICES to IT-NETWORKS requires the disclosure of security-related capabilities and RISKS.
IEC TR 80001-2-2 presents a framework for this disclosure and the security dialog that surrounds the IEC 80001-1 RISK MANAGEMENT of IT-NETWORKS. IEC TR 80001-2-2 presents an informative set of common, descriptive security-related capabilities that are useful in terms of gaining an understanding of user needs. This report addresses each of the SECURITY CAPABILITIES and identifies SECURITY CONTROLS for consideration by HDOs and MDMs during RISK MANAGEMENT activities, supplier selection, device selection, device implementation, operation etc.
It is not intended that the security standards referenced herein are exhaustive of all useful standards; rather, the purpose of this technical report is to identify SECURITY CONTROLS, which exist in these particular security standards (listed in the introduction of this technical report), that apply to each of the SECURITY CAPABILITIES.
This report provides guidance to HDOs and MDMs for the selection and implementation of management, operational, administrative and technical SECURITY CONTROLS to protect the confidentiality, integrity, availability and accountability of data and systems during development, operation and disposal.
Not all 19 SECURITY CAPABILITIES are required in every case, and the SECURITY CAPABILITIES identified in this report should not be considered exhaustive in nature. The selection of SECURITY CAPABILITIES and SECURITY CONTROLS should be based on the RISK EVALUATION and the RISK tolerance with consideration for protection of patient SAFETY, life and health. INTENDED USE, operational environment, network structure and local factors should also determine which SECURITY CAPABILITIES are necessary and which SECURITY CONTROLS most suitably assist in establishing that SECURITY CAPABILITY.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
3.1
DATA AND SYSTEMS SECURITY
operational state of a MEDICAL IT-NETWORK in which information assets (data and systems) are reasonably protected from degradation of confidentiality, integrity, and availability
3.2
EFFECTIVENESS
ability to produce the intended result for the patient and the RESPONSIBLE ORGANIZATION
3.3
HARM
physical injury or damage to the health of people, or damage to property or the environment, or reduction in EFFECTIVENESS, or breach of DATA AND SYSTEMS SECURITY
3.4
HAZARD
potential source of HARM
3.5
HEALTH DATA
PRIVATE DATA that indicates physical or mental health
Note 1 to entry: This term generically defines PRIVATE DATA and its subset, HEALTH DATA, within this report to permit users of this report to adapt it easily to different privacy compliance laws and regulations. For example, in Europe, the requirements might be taken and references changed to "Personal Data" and "Sensitive Data"; in the USA, HEALTH DATA might be changed to "Protected Health Information (PHI)" while making adjustments to text as necessary.
3.6
INTENDED USE
INTENDED PURPOSE
use for which a product, PROCESS or service is intended according to the specifications, instructions and information provided by the manufacturer
___________
6) IEC TR 80001-2-2 contains many additional standards, policies and reference materials which are also indispensable for the application of this Technical Report.
3.7
IT-NETWORK
INFORMATION TECHNOLOGY NETWORK
system or systems composed of communicating nodes and transmission links to provide physically linked or wireless transmission between two or more specified communication nodes
3.8
MEDICAL DEVICE
means any instrument, apparatus, implement, machine, appliance, implant, in vitro reagent or calibrator, software, material or other similar or related article:
a) intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the specific purpose(s) of:
– diagnosis, prevention, monitoring, treatment or alleviation of disease,
– diagnosis, monitoring, treatment, alleviation of or compensation for an injury,
– investigation, replacement, modification, or support of the anatomy or of a physiological PROCESS,
– supporting or sustaining life,
– control of conception,
– disinfection of MEDICAL DEVICES,
– providing information for medical or diagnostic purposes by means of in vitro examination of specimens derived from the human body; and
b) which does not achieve its primary intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its intended function by such means.
Note 1 to entry: The definition of a device for in vitro examination includes, for example, reagents, calibrators, sample collection and storage devices, control materials, and related instruments or apparatus. The information provided by such an in vitro diagnostic device may be for diagnostic, monitoring or compatibility purposes. In some jurisdictions, some in vitro diagnostic devices, including reagents and the like, may be covered by separate regulations.
Note 2 to entry: Products which may be considered to be MEDICAL DEVICES in some jurisdictions but for which there is not yet a harmonized approach, are:
– aids for disabled/handicapped people;
– devices for the treatment/diagnosis of diseases and injuries in animals;
– accessories for MEDICAL DEVICES (see Note to entry 3);
– disinfection substances;
– devices incorporating animal and human tissues which may meet the requirements of the above definition but are subject to different controls.
Note 3 to entry: Accessories intended specifically by manufacturers to be used together with a 'parent' MEDICAL DEVICE to enable that MEDICAL DEVICE to achieve its INTENDED PURPOSE should be subject to the same GHTF procedures as apply to the MEDICAL DEVICE itself. For example, an accessory will be classified as though it is a MEDICAL DEVICE in its own right. This may result in the accessory having a different classification than the 'parent' device.
Note 4 to entry: Components to MEDICAL DEVICES are generally controlled through the manufacturer's quality management system and the conformity assessment procedures for the device. In some jurisdictions, components are included in the definition of a 'medical device'.
3.9
MEDICAL IT-NETWORK
IT-NETWORK that incorporates at least one MEDICAL DEVICE
3.10
OPERATOR
person handling equipment
3.11
PRIVATE DATA
any information relating to an identified or identifiable person
3.12
PROCESS
set of interrelated or interacting activities which transforms inputs into outputs
3.13
RESPONSIBILITY AGREEMENT
one or more documents that together fully define the responsibilities of all relevant stakeholders
3.14
RESPONSIBLE ORGANIZATION
entity accountable for the use and maintenance of a MEDICAL IT-NETWORK
[SOURCE: IEC 80001-1:2010, 2.22, modified – The notes have been deleted.]
3.15
RISK
combination of the probability of occurrence of HARM and the severity of that HARM
3.16
RISK ANALYSIS
systematic use of available information to identify HAZARDS and to estimate the RISK
3.17
RISK ASSESSMENT
overall PROCESS comprising a RISK ANALYSIS and a RISK EVALUATION
3.18
RISK EVALUATION
PROCESS of comparing the estimated RISK against given RISK criteria to determine the acceptability of the RISK
3.19
RISK MANAGEMENT
systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating, controlling, and monitoring RISK
3.20
SAFETY
freedom from unacceptable RISK of physical injury or damage to the health of people or damage to property or the environment
3.21
SECURITY CAPABILITY
broad category of technical, administrative or organizational controls to manage RISKS to confidentiality, integrity, availability and accountability of data and systems
3.22
SECURITY CONTROL
management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information
3.23
VERIFICATION
confirmation through provision of objective evidence that specified requirements have been fulfilled
• NIST SP 800-53;
• ISO/IEC 15408-2;
• ISO/IEC 15408-3;
• IEC 62443-3-3;
Operational/administrative SECURITY CONTROLS:
• ISO/IEC 27002;
• ISO 27799.
For infrastructure and MEDICAL IT NETWORK SECURITY CONTROLS, ISO/IEC 27002 and ISO 27799 are grouped together in the below tables as the standards are fully aligned.
ISO/IEC 27002 specifies a set of detailed controls for managing information security. ISO 27799 specifies additional guidance specifically for health information security and provides health information security best practice guidelines.
Table 1 (continued)
Table 2 (continued)
Standard | Reference | Control
ISO/IEC 27002 / ISO 27799 | 5.1.1 | Policies for information security
 | 5.1.2 | Review of the information security policy
 | 6.1.2 | Segregation of duties
 | 6.2.2 | Teleworking
 | 12.4.1 | Event logging
 | 12.4.2 | Protection of log information
 | 12.4.3 | Administrator and OPERATOR logs
 | 12.4.4 | Clock synchronisation
 | 12.7.1 | Information systems audit controls
 | 16.1.7 | Collection of evidence
 | 18.1.3 | Protection of records
 | 18.1.4 | Privacy and protection of personally identifiable information
Table 3 (continued)
Standard | Reference | Control
ISO/IEC 27002 / ISO 27799 | 12.1.1 | Documented operating procedures
 | 13.1.3 | Segregation in networks
 | 13.2.4 | Confidentiality or non-disclosure agreements
Table 4 (continued)
Table 5 (continued)
Standard | Reference | Control
SP 800-53 | IA-9 | Service identification and authentication
 | MA-1 | System maintenance policy and procedures
 | MA-2 | Controlled maintenance
 | MA-3 | Maintenance tools
 | MA-4 | Nonlocal maintenance
 | MA-5 | Maintenance personnel
 | MA-6 | Timely maintenance
 | MP-1 | Media protection policy and procedures
 | SA-8 | Security engineering principles
 | SA-11 | Developer security testing and evaluation
 | SA-14 | Criticality analysis
 | SI-11 | Error handling
ISO/IEC 15408-2 | | No applicable SECURITY CONTROLS
Table 7 (continued)
Standard | Reference | Control
IEC 62443-3-3 | SR 2.8 | Auditable events
 | SR 3.6 | Deterministic output
 | SR 7.3 | Control system backup
 | SR 7.4 | Control system recovery and reconstitution
ISO/IEC 27002 / ISO 27799 | 5.1.1 | Policies for information security
 | 5.1.2 | Review of the information security policy
 | 6.1.1 | Information security roles and responsibilities
 | 6.1.3 | Contact with authorities
 | 11.1.4 | Protecting against external and environmental threats
 | 12.1.1 | Documented operating procedures
 | 12.3.1 | Information backup
 | 16.1.1 | Responsibilities and procedures
 | 16.1.2 | Reporting information security events
 | 16.1.5 | Response to information security incidents
 | 16.1.6 | Learning from information security incidents
 | 16.1.7 | Collection of evidence
 | 17.1.1 | Planning information security continuity
 | 17.1.2 | Implementing information security continuity
 | 17.1.3 | Verify, review and evaluate information security continuity
 | 18.1.3 | Protection of records
 | 18.1.4 | Privacy and protection of personally identifiable information
Standard | Reference | Control
IEC 62443-3-3 | SR 1.4 | Identifier management
 | SR 1.5 | Authenticator management
 | SR 2.8 | Auditable events
ISO/IEC 27002 / ISO 27799 | 5.1.1 | Policies for information security
 | 5.1.2 | Review of the information security policy
 | 6.1.1 | Information security roles and responsibilities
 | 7.2.2 | Information security awareness, education and training
 | 9.1.1 | Access control policy
 | 9.1.2 | Access to networks and network services
 | 9.2.2 | User access provisioning
 | 9.2.3 | Management of privileged access rights
 | 9.2.5 | Review of user access rights
 | 9.4.1 | Information access restriction
 | 9.4.4 | Use of privileged utility programs
 | 12.1.1 | Documented operating procedures
 | 12.4.1 | Event logging
 | 17.1.1 | Planning information security continuity
 | 17.1.2 | Implementing information security continuity
 | 17.1.3 | Verify, review and evaluate information security continuity
Table 10 (continued)
Standard | Reference | Control
ISO/IEC 15408-2 | FPT_TST | Self test
 | FAU_ARP | Security audit automatic response
 | FAU_SAA | Security audit analysis
 | FDP_IFF | Information flow control functions
 | FDP_ITT | Internal TOE transfer
 | FDP_SDI | Stored data integrity
 | FDP_UIT | Inter-TSF user data integrity transfer protection
 | FPT_FLS | Fail secure
 | FPT_ITI | Integrity of exported TSF data
 | FPT_RPL | Replay detection
 | FPT_TRC | Internal TOE TSF data replication consistency
ISO/IEC 15408-3 | ADV_IMP | Implementation representation
 | ADV_INT | TSF internals
 | ADV_TDS | TOE design
 | ALC_DVS | Development security
 | ALC_FLR | Flaw remediation
IEC 62443-3-3 | SR 1.2 | Software PROCESS and device identification and authentication
 | SR 2.3 | Use control for portable and mobile devices
 | SR 3.2 | Malicious code protection
 | SR 3.3 | Security functionality VERIFICATION
 | SR 5.3 | General purpose person-to-person communication restrictions
 | SR 6.2 | Continuous monitoring
ISO/IEC 27002 / ISO 27799 | 5.1.1 | Policies for information security
 | 5.1.2 | Review of the information security policy
 | 6.1.4 | Contact with special interest groups
 | 6.2.1 | Mobile device policy
 | 7.2.2 | Information security awareness, education and training
 | 9.1.2 | Access to networks and network services
 | 10.1.1 | Policy on the use of cryptographic controls
 | 11.2.4 | Equipment maintenance
 | 12.1.2 | Change management
 | 12.2.1 | Controls against malware
 | 12.4.1 | Event logging
 | 12.4.2 | Protection of log information
 | 12.4.3 | Administrator and OPERATOR logs
 | 12.4.4 | Clock synchronisation
 | 12.5.1 | Installation of software on operational systems
 | 12.6.1 | Management of technical vulnerabilities
 | 12.6.2 | Restrictions on software installation
 | 12.7.1 | Information systems audit controls
 | 13.1.1 | Network controls
 | 13.1.2 | Security of network services
 | 13.1.3 | Segregation in networks
 | 13.2.1 | Information transfer policies and procedures
 | 13.2.3 | Electronic messaging
 | 14.2.2 | System change control procedures
 | 14.2.3 | Technical review of applications after operating platform changes
 | 14.2.4 | Restrictions on changes to software packages
 | 14.2.7 | Outsourced development
 | 14.2.8 | System security testing
 | 14.2.9 | System acceptance testing
 | 16.1.2 | Reporting information security events
 | 16.1.7 | Collection of evidence
 | 18.2.2 | Compliance with security policies and standards
Table 1 1 (continued)
Standard            Reference  Control
SP 800-53           IA-2       Identification and authentication (organizational users)
                    IA-3       Device identification and authentication
                    IA-4       Identifier management
                    IA-5       Authenticator management
                    IA-7       Cryptographic module authentication
                    IA-8       Identification and authentication (non-organizational users)
                    IA-10      Adaptive identification and authentication
                    IA-11      Re-authentication
                    MA-1       System maintenance policy and procedures
                    MA-4       Nonlocal maintenance
                    SC-12      Cryptographic key establishment and management
                    SC-13      Cryptographic protection
ISO/IEC 15408-2     FAU_GEN    Security audit data generation
                    FAU_SAA    Security audit analysis
                    FCO_NRO    Non-repudiation of origin
                    FCO_NRR    Non-repudiation of receipt
                    FCS_CKM    Cryptographic key management
                    FCS_COP    Cryptographic operation
                    FIA_AFL    Authentication failures
                    FIA_ATD    User attribute definition
                    FIA_SOS    Specification of secrets
                    FIA_UAU    User authentication
                    FIA_UID    User identification
                    FMT_MSA    Management of security attributes
                    FPT_RPL    Replay detection
                    FTA_LSA    Limitation on scope of selectable attributes
                    FTA_TSE    TOE session establishment
                    FTP_ITC    Inter-TSF trusted channel
ISO/IEC 15408-3     No applicable SECURITY CONTROLS
Table 1 1 (continued)
Table 1 2 (continued)
Table 1 3 (continued)
User need: HDO contracts, policy and regulations require that vendors maintain/support the system during product life. Sales and service are well informed about security support offered per product during its life cycle.
Table 1 4 (continued)
Standard            Reference  Control
SP 800-53           SA-12      Supply chain protection
                    SA-15      Development PROCESS, standards and tools
                    SA-16      Developer-provided training
                    SA-17      Developer security architecture and design
                    SA-21      Developer screening
ISO/IEC 15408-2     FMT_MOF    Management of functions in TSF
                    FMT_MSA    Management of security attributes
ISO/IEC 15408-3     No applicable SECURITY CONTROLS
IEC 62443-3-3       SR 4.2     Information persistence
ISO/IEC 27002       5.1.1      Policies for information security
ISO 27799           5.1.2      Review of the information security policy
                    6.2.1      Mobile device policy
                    12.1.1     Documented operating procedures
                    12.1.2     Change management
                    14.1.1     Information security requirements analysis and specification
                    14.2.1     Secure development policy
                    14.2.2     System change control procedures
                    14.2.3     Technical review of applications after operating platform changes
                    14.2.4     Restrictions on changes to software packages
                    14.2.5     Secure system engineering principles
                    14.2.6     Secure development environment
                    14.2.7     Outsourced development
                    14.2.8     System security testing
                    14.2.9     System acceptance testing
                    18.1.1     Identification of applicable legislation and contractual requirements
                    18.1.2     Intellectual property rights
                    18.2.1     Independent review of information security
                    18.2.2     Compliance with security policies and standards
                    18.2.3     Technical compliance review
Table 1 5 (continued)
Standard            Reference  Control
ISO/IEC 27002       13.1.3     Segregation in networks
ISO 27799           14.2.1     Secure development policy
                    14.2.4     Restrictions on changes to software packages
                    14.2.8     System security testing
                    18.2.2     Compliance with security policies and standards
Table 1 6 (continued)
Standard            Reference  Control
SP 800-53           PL-8       Information security architecture
                    PS-1       Personnel security policy and procedures
                    SA-4       Acquisition PROCESS
                    SA-5       Information system documentation
                    SA-16      Developer-provided training
                    SC-1       System and communications protection policy and procedures
                    SI-1       System and information integrity policy and procedures
                    SI-2       Flaw remediation
                    SI-3       Malicious code protection
                    SI-4       Information system monitoring
                    SI-5       Security alerts, advisories, and directives
                    SI-6       Security functionality VERIFICATION
                    SI-7       Software and information integrity
                    SI-8       Spam protection
                    SI-10      Information input validation
                    SI-11      Error handling
                    SI-12      Information handling and retention
                    SI-17      Fail-safe procedures
                    PM-1       Information security program plan
                    PM-9       RISK MANAGEMENT strategy
                    PM-12      Insider threat program
                    PM-14      Testing, training and monitoring
                    PM-15      Contacts with security groups and associations
                    PM-16      Threat awareness program
ISO/IEC 15408-2     FAU_GEN    Security audit data generation
                    FAU_SAR    Security audit review
                    FDP_ACC    Access control policy
                    FDP_ACF    Access control functions
ISO/IEC 15408-3     APE_REQ    Security requirements
                    ASE_INT    ST introduction
                    ASE_CCL    Conformance claims
                    ASE_SPD    Security problem definition
                    ASE_OBJ    Security objectives
                    ASE_TSS    TOE summary specification
                    ADV_FSP    Functional specification
                    AGD_OPE    Operational user guidance
IEC 62443-3-3       No applicable SECURITY CONTROLS
Table 1 6 (continued)
Standard            Reference  Control
ISO 27799           6.2.1      Mobile device policy
                    6.2.2      Teleworking
                    7.2.2      Information security awareness, education and training
                    9.4.2      Secure log-on procedures
                    12.1.1     Documented operating procedures
                    13.2.1     Information transfer policies and procedures
                    14.1.1     Information security requirements analysis and specification
                    14.2.1     Secure development policy
                    14.2.2     System change control procedures
                    14.2.3     Technical review of applications after operating platform changes
                    15.1.1     Information security policy for supplier relationships
                    16.1.1     Responsibilities and procedures
                    16.1.5     Response to information security incidents
                    18.1.1     Identification of applicable legislation and contractual requirements
                    18.1.5     Regulation of cryptographic controls
                    18.2.2     Compliance with security policies and standards
                    18.2.3     Technical compliance review
4.20 Transmission integrity – TXIG
Requirement goal: Device protects the integrity of transmitted HEALTH DATA.
User need: Assurance that integrity of HEALTH DATA is maintained during transmission. This allows transmission of HEALTH DATA over relatively open networks or environments where strong policies for HEALTH DATA integrity are in use.
Table 19 – TXIG controls