IEEE Std 11073-40102:2020 pdf download

Health informatics--Device interoperability--Part 40102: Foundational--Cybersecurity--Capabilities for mitigation.
Within the context of secure plug-and-play interoperability, cybersecurity is the process and capability of preventing unauthorized access or modification, misuse, denial of use, or the unauthorized use of information that is stored on, accessed from, or transferred to and from a PHD/PoCD. The capability part of cybersecurity is information security controls related to both digital data and the relationships to safety and usability.
For PHDs/PoCDs, this standard defines a security baseline of application layer cybersecurity mitigation techniques for certain use cases or for times when certain criteria are met. This standard provides a scalable information security toolbox appropriate for PHD/PoCD interfaces, which fulfills the intersection of requirements and recommendations from National Institute of Standards and Technology (NIST) and the European Network and Information Security Agency (ENISA). This standard maps to the NIST cybersecurity framework [B15]; IEC TR 80001-2-2 [B8]; and the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) classification scheme. The mitigation techniques are based on the extended CIA triad (Clause 4) and are described generally to allow manufacturers to determine the most appropriate algorithms and implementations.
1.3 Purpose
The purpose of this document is to build a common approach to cybersecurity mitigation on PHD/PoCD interfaces and define a scalable information security toolbox appropriate for the PHD/PoCD data exchange standards.
1.4 Word usage
The word shall indicates mandatory requirements strictly to be followed in order to conform to the standard and from which no deviation is permitted (shall equals is required to).
The word should indicates that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others; or that a certain course of action is preferred but not necessarily required (should equals is recommended that).
The word may is used to indicate a course of action permissible within the limits of the standard (may equals is permitted to).
The word can is used for statements of possibility and capability, whether material, physical, or causal (can equals is able to).
2. Normative references
The following referenced documents are indispensable for the application of this document (i.e., they must be understood and used; therefore, each referenced document is cited in text, and its relationship to this document is explained). For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments or corrigenda) applies.
NIST FIPS Publication 197, Advanced Encryption Standard (AES). (https://csrc.nist.gov/publications/detail/fips/197/final)
NIST SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. (https://csrc.nist.gov/publications/detail/sp/800-38d/final)
See Annex A for all informative material referenced by this standard.
3. Definitions, acronyms, and abbreviations
3.1 Definitions
For the purposes of this document, the terms and definitions provided in the PHD Cybersecurity Standards Roadmap (IEEE white paper [B10]) apply. The IEEE Standards Dictionary Online should be consulted for terms not defined there.
3.2 Acronyms and abbreviations
AES Advanced Encryption Standard
AES-GCM Advanced Encryption Standard—Galois/Counter Mode
AES-GMAC Advanced Encryption Standard—Galois Message Authentication Code
CIA confidentiality, integrity, and availability
ECDH Elliptic Curve Diffie-Hellman
ENISA European Network and Information Security Agency
HCP Health Care Provider
MAC message authentication code
NIST National Institute of Standards and Technology
PHD Personal Health Device
PoCD Point-of-Care Device
STRIDE Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privileges