Back

ISO/IEEE 11073-40102:2022

Health informatics — Device interoperability — Part 40102: Foundational — Cybersecurity — Capabilities for mitigation

General information
Valid from 17.03.2022
ICS Groups
35.240.80 IT applications in health care technology
Directives or regulations
None

Standard history

Status
Date
Type
Name
17.03.2022
Main
ISO/IEEE 11073-40102:2022
Within the context of secure plug-and-play interoperability, cybersecurity is the process and capability of preventing unauthorized access or modification, misuse, denial of use, or the unauthorized use of information that is stored on, accessed from, or transferred to and from a PHD/PoCD. The capability part of cybersecurity is information security controls related to both digital data and the relationships to safety and usability.
For PHDs/PoCDs, this standard defines a security baseline of application layer cybersecurity mitigation techniques for certain use cases or for times when certain criteria are met. This standard provides a scalable information security toolbox appropriate for PHD/PoCD interfaces, which fulfills the intersection of requirements and recommendations from National Institute of Standards and Technology (NIST) and the European Network and Information Security Agency (ENISA). This standard maps to the NIST cybersecurity framework [B15]; IEC TR 80001-2-2 [B8]; and the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) classification scheme. The mitigation techniques are based on the extended CIA triad (Clause 4) and are described generally to allow manufacturers to determine the most appropriate algorithms and implementations.
*
*
*
PDF
169.14 € incl tax
Paper
169.14 € incl tax
Standard monitoring
English

Related products

Main

EVS-EN 82304-1:2017

Health Software - Part 1: General requirements for product safety
Newest version Valid from 18.09.2017
Main

EVS-EN IEC 81001-5-1:2022

Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle
Newest version Valid from 01.03.2022
Main

EVS-EN IEC 80001-1:2021

Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software
Newest version Valid from 15.11.2021
Main

CEN ISO/TS 82304-2:2021

Health software - Part 2: Health and wellness apps - Quality and reliability (ISO/TS 82304-2:2021)
Newest version Valid from 01.09.2021

Standards designation

EVS Estonian standard
EN European standard (published by an CEN or CENELEC)
EN ISO International standard adopted as an European standard
ISO International Organization for Standardization’s standard
IEC International Electrotechnical Commission’s standard
HD CENELEC’s harmonisation document
   
EVS-EN European standard implemented in Estonia
EVS-EN ISO International standard adopted in Europe and implemented in Estonia
EVS-EN ISO/IEC International standard/International electrotechnical standard adopted in Europe and implemented in Estonia
EVS-IEC International electrotechnical standard implemented in Estonia
EVS-ISO International standard implemented in Estonia
   
A, AMD amedment
+A a full standard plus the amendment
/A only amendment
COR, AC corrigendum
+COR a full standard plus the corrigendum
NA national annex
+NA a full standard plus the national annex
/NA only national annex
TS technical specification
TR technical report
CWA agreement, developed by a CEN or CENELEC
prEVS-EN (etc) draft standard
   
et the standard is in Estonian only
en the standard is in English only
et-en the standard is in Parallel text Estonian-English

Contact

standard@evs.ee
+372 605 5060
Akadeemia tee 21/6, Tallinn, 12618, Estonia
Reg. code 80120020
Eesti Standardimis- ja Akrediteerimiskeskus MTÜ
E-N 8:30-17:00 R 8:30-16:00

Assistance in ordering

Direct links

Mastercard
Visa
Paypal
Swedbank
SEB
Luminor
LHV
Copyright © 2024 EVS. All rights reserved.