IEC TR 80001-2-8:2016 (PDF)

DOCUMENT INFORMATION

Basic information

Format: PDF
Pages: 56
Size: 1.04 MB

Contents


IEC TR 80001-2-8
Edition 1.0 2016-05

TECHNICAL REPORT

Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2

IEC TR 80001-2-8:2016-05(en)

THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.

IEC Central Office, 3, rue de Varembé, CH-1211 Geneva 20, Switzerland
Tel.: +41 22 919 02 11, Fax: +41 22 919 03 00, info@iec.ch, www.iec.ch

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 11.040.01
ISBN 978-2-8322-3412-9

IEC TR 80001-2-8:2016 © IEC 2016

CONTENTS

FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Guidance for establishing SECURITY CAPABILITIES
4.1 General
4.2 Automatic log off – ALOF
4.3 Audit controls – AUDT
4.4 Authorization – AUTH
4.5 Configuration of security features – CNFS
4.6 Cyber security product upgrades – CSUP  21
4.7 HEALTH DATA de-identification – DIDT  24
4.8 Data backup and disaster recovery – DTBK  25
4.9 Emergency access – EMRG  27
4.10 HEALTH DATA integrity and authenticity – IGAU  28
4.11 Malware detection/protection – MLDP  30
4.12 Node authentication – NAUT  32
4.13 Person authentication – PAUT  35
4.14 Physical locks on device – PLOK  37
4.15 Third-party components in product lifecycle roadmaps – RDMP  39
4.16 System and application hardening – SAHD  42
4.17 Security guides – SGUD  44
4.18 HEALTH DATA storage confidentiality – STCF  47
4.19 Transmission confidentiality – TXCF  48
4.20 Transmission integrity – TXIG  50
Bibliography  51

Table 1 – ALOF controls
Table 2 – AUDT controls
Table 3 – AUTH controls
Table 4 – CNFS controls  20
Table 5 – CSUP controls  22
Table 6 – DIDT controls  24
Table 7 – DTBK controls  26
Table 8 – EMRG controls  28
Table 9 – IGAU controls  29
Table 10 – MLDP controls  30
Table 11 – NAUT controls  33
Table 12 – PAUT controls  36
Table 13 – PLOK controls  38
Table 14 – RDMP controls  40
Table 15 – SAHD controls  43
Table 16 – SGUD controls  45
Table 17 – STCF controls  48
Table 18 – TXCF controls  49
Table 19 – TXIG controls  50

INTERNATIONAL ELECTROTECHNICAL COMMISSION

APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES –
Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2

FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

The main task of IEC technical committees is to prepare International Standards. However, a technical committee may propose the publication of a technical report when it has collected data of a different kind from that which is normally published as an International Standard, for example "state of the art".

IEC 80001-2-8, which is a technical report, has been prepared by subcommittee 62A: Common aspects of electrical equipment used in medical practice, of IEC technical committee 62: Electrical equipment in medical practice, and ISO technical committee 215: Health informatics. 1)

1) This document contains original material that is © 2013, Dundalk Institute of Technology, Ireland. Permission is granted to ISO and IEC to reproduce and circulate this material, this being without prejudice to the rights of Dundalk Institute of Technology to exploit the original text elsewhere.

It is published as a double logo technical report.

The text of this technical report is based on the following documents of IEC:

Enquiry draft: 62A/1018/DTR
Report on voting: 62A/1043A/RVC

Full information on the voting for the approval of this technical report can be found in the report on voting indicated in the above table.

In ISO, the standard has been approved by P-members out of 31 having cast a vote.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

Terms used throughout this technical report that have been defined in Clause 3 appear in SMALL CAPITALS.

A list of all parts of the IEC 80001 series, published under the general title Application of risk management for IT-networks incorporating medical devices, can be found on the IEC website.

The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

A bilingual version of this publication may be issued at a later date.

INTRODUCTION

The IEC 80001-1 standard, the Application of risk management to IT-networks incorporating medical devices, provides the roles, responsibilities and activities necessary for RISK MANAGEMENT. IEC TR 80001-2-2, the Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls, is a technical report that provides additional guidance in relation to how SECURITY CAPABILITIES might be referenced (disclosed and discussed) in both the RISK MANAGEMENT PROCESS and stakeholder communications and agreements. This technical report provides guidance for the establishment of each of the SECURITY CAPABILITIES presented in IEC TR 80001-2-2.

IEC TR 80001-2-2 contains an informative set of common, descriptive SECURITY CAPABILITIES intended to be the starting point for a security-centric discussion between the vendor and purchaser or among a larger group of stakeholders involved in a MEDICAL DEVICE IT-NETWORK project. Scalability is possible across a range of different sizes of RESPONSIBLE ORGANIZATIONS (henceforth called healthcare delivery organizations – HDOs) as each evaluates RISK using the SECURITY CAPABILITIES and decides what to include or not to include according to their RISK tolerance and available resources. This documentation can be used by HDOs as input to their IEC 80001 PROCESS or to form the basis of RESPONSIBILITY AGREEMENTS among stakeholders. Other IEC 80001 technical reports will provide step-by-step guidance in the RISK MANAGEMENT PROCESS.

IEC TR 80001-2-2 SECURITY CAPABILITIES encourage the disclosure of more detailed SECURITY CONTROLS. This technical report identifies SECURITY CONTROLS from key security standards which aim to provide guidance to a RESPONSIBLE ORGANIZATION when adapting the framework outlined in IEC TR 80001-2-2. The framework outlined in IEC TR 80001-2-2 requires shared responsibility between HDOs and MEDICAL DEVICE manufacturers (MDMs). Similarly, this guidance applies to both stakeholders, as a shared responsibility, to ensure safe MEDICAL DEVICE IT networks. In order to build a secure MEDICAL DEVICE IT network a joint effort from both stakeholders is required.

A SECURITY CAPABILITY, as defined in IEC TR 80001-2-2, represents a broad category of technical, administrative and/or organizational SECURITY CONTROLS 2) required to manage RISKS to confidentiality, integrity, availability and accountability of data and systems. This document presents these categories of SECURITY CONTROLS prescribed for a system and the operational environment to establish SECURITY CAPABILITIES to protect the confidentiality, integrity, availability and accountability of data and systems. The SECURITY CONTROLS support the maintenance of confidentiality and the protection from malicious intrusion that might lead to compromises in integrity or system/data availability. The SECURITY CONTROLS for each SECURITY CAPABILITY can be added to as the need arises. 3) Controls are intended to protect both data and systems but special attention is given to the protection of both PRIVATE DATA and its subset called HEALTH DATA.

In addition to providing a basis for discussing RISK and respective roles and responsibilities toward RISK MANAGEMENT, this report is intended to supply:
a) Health Delivery Organizations (HDOs) with a catalogue of management, operational and administrative SECURITY CONTROLS to maintain the EFFECTIVENESS of a SECURITY CAPABILITY for a MEDICAL DEVICE on a MEDICAL DEVICE IT-NETWORK;
b) MEDICAL DEVICE manufacturers (MDMs) with a catalogue of technical SECURITY CONTROLS for the establishment of each of the SECURITY CAPABILITIES.

2) For the purpose of consistency throughout this report, the term SECURITY CONTROLS refers to the technical, administrative and organizational controls/safeguards prescribed to establish SECURITY CAPABILITIES.

3) The selection of SECURITY CAPABILITIES and SECURITY CONTROLS will vary due to the diversity of MEDICAL DEVICE products and context in relation to environment and INTENDED USE. Therefore, this technical report is not intended as a "one size fits all" solution.

This report presents the SECURITY CAPABILITIES, their respective "requirement goal" and "user need" (identical to that in IEC TR 80001-2-2) with a corresponding list of SECURITY CONTROLS from a number of security standards. The security standards used for mapping SECURITY CONTROLS to SECURITY CAPABILITIES include 4):

• NIST SP 800-53, Revision 4, Recommended Security Controls for Federal Information Systems and Organizations. NIST Special Publication 800-53 covers the steps in the RISK MANAGEMENT Framework that address SECURITY CONTROL selection for federal information systems in accordance with the security requirements in Federal Information Processing Standard (FIPS) 200. This includes selecting an initial set of baseline SECURITY CONTROLS based on a FIPS 199 worst-case impact analysis, tailoring the baseline SECURITY CONTROLS, and supplementing the SECURITY CONTROLS based on an organizational assessment of RISK. The security rules cover areas including access control, incident response, business continuity, and disaster recoverability.

• ISO/IEC 15408-2:2008, Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional components. This standard defines the content and presentation of the security functional requirements to be assessed in a security evaluation using ISO/IEC 15408. It contains a comprehensive catalogue of predefined security functional components that will fulfil the most common security needs of the marketplace. These are organized using a hierarchical structure of classes, families and components, and supported by comprehensive user notes. This standard also provides guidance on the specification of customized security requirements where no suitable predefined security functional components exist.

• ISO/IEC 15408-3:2008, Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance components. This standard defines the assurance requirements of the evaluation criteria. It includes the evaluation assurance levels that define a scale for measuring assurance for component targets of evaluation (TOEs), the composed assurance packages that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of protection profiles and security targets. This standard defines the content and presentation of the assurance requirements in the form of assurance classes, families and components and provides guidance on the organization of new assurance requirements. The assurance components within the assurance families are presented in a hierarchical order.

• IEC 62443-3-3:2013, Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels. This standard provides detailed technical control system requirements (SRs) associated with the seven foundational requirements (FRs) described in IEC TS 62443-1-1, including defining the requirements for control system capability security levels, SL-C (control system). These requirements would be used by various members of the industrial automation and control system (IACS) community along with the defined zones and conduits for the system under consideration (SuC) while developing the appropriate control system target SL, SL-T (control system), for a specific asset.

• ISO/IEC 27002:2013, Information technology – Security techniques – Code of practice for information security controls. This standard outlines guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security RISK environment(s). It is designed to be used by organizations that intend to:
  1) select controls within the PROCESS of implementing a MEDICAL DEVICE system based on ISO/IEC 27001;
  2) implement commonly accepted information SECURITY CONTROLS;
  3) develop their own information security management guidelines.

• ISO 27799:— 5), Health informatics – Information security management in health using ISO/IEC 27002. This standard defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard. It specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, HDOs and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information.

4) The selection of security standards used in this technical report does not represent an exhaustive list of all potentially useful standards.

5) To be published.

[The extract resumes at page 40.]

Table 14 – RDMP controls

Standard: SP 800-53
  MA-1  System maintenance policy and procedures
  MA-2  Controlled maintenance
  MA-3  Maintenance tools
  MA-6  Timely maintenance
  MP-1  Media protection policy and procedures
  MP-8  Media downgrading
  SA-1  System and services acquisition policy and procedures
  SA-3  System development life cycle
  SA-4  Acquisition PROCESS
  SA-5  Information system documentation
  SA-8  Security engineering principles
  SA-9  External information system services
  SA-10 Developer configuration management
  SA-11 Developer security testing and evaluation
  SA-12 Supply chain protection
  SA-15 Development PROCESS, standards and tools
  SA-16 Developer-provided training
  SA-17 Developer security architecture and design
  SA-21 Developer screening

Standard: ISO/IEC 15408-2
  FMT_MOF  Management of functions in TSF
  FMT_MSA  Management of security attributes

Standard: ISO/IEC 15408-3
  No applicable SECURITY CONTROLS

Standard: IEC 62443-3-3
  SR 4.2  Information persistence

Standard: ISO/IEC 27002 / ISO 27799 (ISO/IEC 27002 SECURITY CONTROLS)
  5.1.1   Policies for information security
  5.1.2   Review of the information security policy
  6.2.1   Mobile device policy
  12.1.1  Documented operating procedures
  12.1.2  Change management
  14.1.1  Information security requirements analysis and specification
  14.2.1  Secure development policy
  14.2.2  System change control procedures
  14.2.3  Technical review of applications after operating platform changes
  14.2.4  Restrictions on changes to software packages
  14.2.5  Secure system engineering principles
  14.2.6  Secure development environment
  14.2.7  Outsourced development
  14.2.8  System security testing
  14.2.9  System acceptance testing
  18.1.1  Identification of applicable legislation and contractual requirements
  18.1.2  Intellectual property rights
  18.2.1  Independent review of information security
  18.2.2  Compliance with security policies and standards
  18.2.3  Technical compliance review

4.16 System and application hardening – SAHD

Requirement goal: Adjust SECURITY CONTROLS on the MEDICAL DEVICE and/or software applications such that security is maximized ("hardened") while maintaining INTENDED USE. Minimize attack vectors and overall attack surface area via port closing, service removal, etc.

User need: User requires a system that is stable and provides just those services specified and required according to its INTENDED USE with a minimum of maintenance activities. HDO IT requires systems connected to their network to be secure on delivery and hardened against misuse and attacks. It is desirable for the user to inform the MDM of suspected security breaches and perceived weaknesses in user equipment.

Table 15 – SAHD controls

Standard: SP 800-53
  AC-19  Access control for mobile devices
  CM-6   Configuration settings
  CM-7   Least functionality
  SA-14  Criticality analysis
  SA-17  Developer security architecture and design
  SA-18  Tamper resistance and detection
  SC-25  Thin nodes
  SC-28  Protection of information at rest
  SC-29  Heterogeneity
  SC-30  Concealment and misdirection
  SC-31  Covert channel analysis
  SC-35  Honeyclients
  SC-40  Wireless link protection
  SC-41  Port and I/O device access
  SC-42  Sensor capability and data
  SC-43  Usage restrictions
  SI-11  Error handling

Standard: ISO/IEC 15408-2
  FMT_MSA  Management of security attributes
  FPT_PHP  TSF physical protection

Standard: ISO/IEC 15408-3
  ASE_TSS  TOE summary specification
  ADV_ARC  Security architecture
  ADV_TDS  TOE design
  ALC_DEL  Delivery
  ACO_COR  Composition rationale
  ACO_REL  Reliance of independent component

Standard: IEC 62443-3-3
  SR 2.1  Authorization enforcement
  SR 2.2  Wireless use control
  SR 2.3  Use control for portable and mobile devices
  SR 3.4  Software and information integrity
  SR 5.1  Network segmentation
  SR 5.2  Zone boundary protection
  SR 5.3  General purpose person-to-person communication restrictions
  SR 5.4  Application partitioning
  SR 7.7  Least functionality

Standard: ISO/IEC 27002 / ISO 27799 (ISO/IEC 27002 SECURITY CONTROLS)
  5.1.1   Policies for information security
  5.1.2   Review of the information security policy
  12.4.2  Protection of log information
  12.5.1  Installation of software on operational systems
  12.6.2  Restrictions on software installation
  13.1.1  Network controls
  13.1.2  Security of network services
  13.1.3  Segregation in networks
  14.2.1  Secure development policy
  14.2.4  Restrictions on changes to software packages
  14.2.8  System security testing
  18.2.2  Compliance with security policies and standards

4.17 Security guides – SGUD

Requirement goal: Ensure that security guidance for OPERATORS and administrators of the system is available. Separate manuals for OPERATORS and administrators (including MDM sales and service) are desirable as they allow understanding of full administrative functions to be kept only by administrators.

User need: OPERATOR should be clearly informed about his responsibilities and secure way of working with the system. The administrator needs information about managing, customizing and monitoring the system (i.e. access control lists, audit logs, etc.). Administrator needs clear understanding of SECURITY CAPABILITIES to allow HEALTH DATA RISK ASSESSMENT per appropriate regulatory requirement. Sales and service also need information about the system's SECURITY CAPABILITIES and secure way of working. It is desirable for the user to know how and when to inform the MDM of suspected security breaches and perceived weaknesses in user equipment.

Table 16 – SGUD controls

Standard: SP 800-53
  AC-1   Access control policy and management
  AC-2   Account management
  AT-1   Security awareness and training policy and procedures
  AT-2   Security awareness training
  AT-3   Security training
  CP-1   Contingency planning policy and procedures
  CP-2   Contingency plan
  CP-3   Contingency training
  IR-1   Incident response policy and procedures
  IR-2   Incident response training
  IR-7   Incident response assistance
  IR-8   Incident response plan
  PL-1   Security planning policy and procedures
  PL-2   System security plan
  PL-4   Rules of behaviour
  PL-7   Security concept of operations
  PL-8   Information security architecture
  PS-1   Personnel security policy and procedures
  SA-4   Acquisition PROCESS
  SA-5   Information system documentation
  SA-16  Developer-provided training
  SC-1   System and communications protection policy and procedures
  SI-1   System and information integrity policy and procedures
  SI-2   Flaw remediation
  SI-3   Malicious code protection
  SI-4   Information system monitoring
  SI-5   Security alerts, advisories, and directives
  SI-6   Security functionality VERIFICATION
  SI-7   Software and information integrity
  SI-8   Spam protection
  SI-10  Information input validation
  SI-11  Error handling
  SI-12  Information handling and retention
  SI-17  Fail-safe procedures
  PM-1   Information security program plan
  PM-9   RISK MANAGEMENT strategy
  PM-12  Insider threat program
  PM-14  Testing, training and monitoring
  PM-15  Contacts with security groups and associations
  PM-16  Threat awareness program

Standard: ISO/IEC 15408-2
  FAU_GEN  Security audit data generation
  FAU_SAR  Security audit review
  FDP_ACC  Access control policy
  FDP_ACF  Access control functions

Standard: ISO/IEC 15408-3
  APE_REQ  Security requirements
  ASE_INT  ST introduction
  ASE_CCL  Conformance claims
  ASE_SPD  Security problem definition
  ASE_OBJ  Security objectives
  ASE_TSS  TOE summary specification
  ADV_FSP  Functional specification
  AGD_OPE  Operational user guidance

Standard: IEC 62443-3-3
  No applicable SECURITY CONTROLS

Standard: ISO/IEC 27002 / ISO 27799 (ISO/IEC 27002 SECURITY CONTROLS)
  5.1.1   Policies for information security
  5.1.2   Review of the information security policy
  6.1.2   Segregation of duties
  6.1.3   Contact with authorities
  6.2.1   Mobile device policy
  6.2.2   Teleworking
  7.2.2   Information security awareness, education and training
  9.4.2   Secure log-on procedures
  12.1.1  Documented operating procedures
  13.2.1  Information transfer policies and procedures
  14.1.1  Information security requirements analysis and specification
  14.2.1  Secure development policy
  14.2.2  System change control procedures
  14.2.3  Technical review of applications after operating platform changes
  15.1.1  Information security policy for supplier relationships
  16.1.1  Responsibilities and procedures
  16.1.5  Response to information security incidents
  18.1.1  Identification of applicable legislation and contractual requirements
  18.1.5  Regulation of cryptographic controls
  18.2.2  Compliance with security policies and standards
  18.2.3  Technical compliance review

4.18 HEALTH DATA storage confidentiality – STCF

Requirement goal: MDM establishes technical controls to mitigate the potential for compromise to the integrity and confidentiality of HEALTH DATA stored on products or removable media.

User need: Reasonable assurance that HEALTH DATA stored on products or media is and stays secure. Encryption has to be considered for HEALTH DATA stored on MEDICAL DEVICES based on RISK ANALYSIS. For HEALTH DATA stored on removable media, encryption might protect confidentiality/integrity for clinical users but also MDM service and application engineers collecting clinical data. A mechanism for encryption key management consistent with conventional use, service access, emergency "break-glass" access. Encryption method and strength takes into consideration the volume (extent of record collection/aggregation) and sensitivity of data.

Table 17 – STCF controls

Standard: SP 800-53
  SC-12  Cryptographic key establishment and management
  SC-13  Cryptographic protection
  SC-17  Public key infrastructure certificates
  SC-28  Protection of information at rest

Standard: ISO/IEC 15408-2
  FCS_CKM  Cryptographic key management
  FCS_COP  Cryptographic operation

Standard: ISO/IEC 15408-3
  No applicable SECURITY CONTROLS

Standard: IEC 62443-3-3
  SR 4.1  Information confidentiality
  SR 4.3  Use of cryptography

Standard: ISO/IEC 27002 / ISO 27799 (ISO/IEC 27002 SECURITY CONTROLS)
  5.1.1   Policies for information security
  5.1.2   Review of the information security policy
  6.2.1   Mobile device policy
  6.2.2   Teleworking
  8.2.2   Labelling of information
  8.2.3   Handling of assets
  8.3.1   Management of removable media
  9.1.1   Access control policy
  9.1.2   Access to networks and network services
  9.4.1   Information access restriction
  10.1.1  Policy on the use of cryptographic controls
  10.1.2  Key management
  Separati[…]
on of en vi ron m en ts I n form ati on backu p Protecti on of test data Protecti on of records Pri vacy an d protecti on of person al l y i d en ti fi abl e i n form ati on Reg u l ati on of cryptog raph i c trol s 2 Com pl i an ce wi th secu ri ty pol i ci es an d stan d ard s SE CU RI TY C ON TROLS d evel opm en t, testi n g an d operati on al 4.1 Transmission confidentiality – TXCF Requ irement g oal : U ser need: Device m eets local laws, reg u l ations and standards (e g U SA H I PAA, EU 95/46/EC deri ved national l aws) accordin g to H DO needs to ensu re th e fidenti ality of transm itted H EALTH DATA Assu rance that H EALTH DATA fiden tiali ty i s main tained duri ng transmission between au then ticated n odes Th is al lows transport of H EALTH DATA over relati vel y open networks and/or en viron men t where strong H DO I T pol icies for H EALTH DATA in teg ri ty and fi den tial i ty are i n use See I EC TR 80001 -2-3:201 for more inform ation on RI SK M AN AG EM EN T for wireless n etwork systems I EC TR 80001 -2-8:201 © I EC 201 – 49 – Table – TXCF controls Standard Reference Control SP 800-53 PE-4 Access trol for tran sm i ssi on m edi u m SC-1 System an d procedu res SC-8 Tran sm i ssi on fi d en ti al i ty an d i n teg ri ty SC-1 Cryptog raph i c key establ i sh m en t an d m an ag em en t SC-1 Cryptog raph i c protecti on FCS_CKM Cryptog raph i c key m an ag em en t FCS_COP Cryptog raph i c operati on FDP_I TT I n tern al TOE tran sfer FDP_U CT I n ter-TSF u ser d ata fi den ti al i ty tran sfer protecti on FPT_I TT I n tern al TOE TSF d ata tran sfer FTP_I TC I n ter-TSF tru sted ch an n el I SO I EC 5408-2 com m u n i cati on s protecti on pol i cy an d I SO I EC 5408-3 No applicable I EC 62443-3-3 SR Pu bl i c key i n frastru ctu re (PKI ) certi fi cates SR I n form ati on fi d en ti al i ty SR U se of cryptog raph y I SO I EC 27002 Pol i ci es for i n form ati on secu ri ty I SO 27799 Revi ew of th e i n form ati on secu ri ty pol i cy M obi l e 
d evi ce pol i cy 2 Tel eworki n g 1 Pol i cy on th e u se of cryptog raph i c trol s 1 Key m an ag em en t 2 Con trol s ag n st m al ware I n form ati on backu p N etwork trol s Secu ri ty of n etwork servi ces Seg reg ati on i n n etworks I n form ati on tran sfer pol i ci es an d proced u res 2 Ag reem en ts on i n form ati on tran sfer 3 El ectron i c m essag i n g Con fi d en ti al i ty or n on -di scl osu re ag reem en ts Secu ri n g appl i cati on servi ces on pu bl i c n etworks Protecti n g appl i cati on servi ces tran sacti on s I d en ti fi cati on of req u i rem en ts Protecti on of record s Pri vacy an d protecti on of person al l y i d en ti fi abl e i n form ati on Reg u l ati on of cryptog raph i c trol s 2 Com pl i an ce wi th secu ri ty pol i ci es an d stan d ard s SE CU RI TY C ON TROLS appl i cabl e l eg i sl ati on an d tractu al – 50 – 20 Tra n s m i s s i o n Requ irement g oal : U ser need: I EC TR 80001 -2-8:201 © I EC 201 i n t e g ri t y – TXI G Device protects th e i n teg ri ty of transmi tted H EALTH DATA Assu rance th at i n teg rity of H EALTH DATA is m ain tain ed du rin g transm ission This all ows transm ission of H EALTH DATA over relati vel y open networks or en viron men t where stron g poli cies for H EALTH DATA i nteg ri ty are i n use Tab l e – TXI G c o n t ro l s Stan d ard Referen ce Co n tro l SP 800-53 PE-4 Access trol for tran sm i ssi on m edi u m SC-1 System an d procedu res SC-8 Tran sm i ssi on fi d en ti al i ty an d i n teg ri ty SI -1 System an d i n form ati on i n teg ri ty pol i cy an d proced u res SI -3 M al i ci ou s cod e protecti on FDP_I TT I n tern al TOE tran sfer FDP_U I T I n ter_TSF u ser d ata i n teg ri ty tran sfer protecti on FPT_I TI I n teg ri ty of exported TSF d ata FPT_I TT I n tern al TOE TSF d ata tran sfer FTP_I TC I n ter-TSF tru sted ch an n el I SO I EC 5408-2 com m u n i cati on s protecti on I SO I EC 5408-3 No applicable I EC 62443-3-3 SR Com m u n i cati on i n teg ri ty SR 
Sessi on i n teg ri ty I SO I EC 27002 Pol i ci es for i n form ati on secu ri ty I SO 27799 Revi ew of th e i n form ati on secu ri ty pol i cy 2 Con trol s ag n st m al ware I n form ati on backu p N etwork trol s Secu ri ty of n etwork servi ces Seg reg ati on i n n etworks I n form ati on tran sfer pol i ci es an d proced u res 2 Ag reem en ts on i n form ati on tran sfer 3 E l ectron i c m essag i n g 2 Com pl i an ce wi th secu ri ty pol i ci es an d stan d ard s SE CU R I TY CON TROLS pol i cy an d I EC TR 80001 -2-8:201 © I EC 201 – 51 – Bibliography [1 ] I EC TS 62443-1 -1 , Industrial communication networks – Network and system security – Part 1-1: Terminology, concepts and models [2] I EC 62443-3-3:201 3, Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels [3] I EC TR 80001 -2-3:201 2, Application of risk management for IT-networks incorporating [4] I SO I EC 5408-2:2008, Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional components [5] I SO I EC 5408-3:2008, Information technology – Security techniques – Evaluation [6] I SO I EC 27001 , Information technology – Security techniques – Information security management systems – Requirements [7] I SO I EC 27002:201 3, Information technology – Security techniques – Code of practice for information security controls [8] I SO 27799:— 7) , Health informatics – Information security management in health using [9] medical devices – Part 2-3: Guidance for wireless networks criteria for IT security – Part 3: Security assurance components ISO/IEC 27002 H I M SS/N EMA Standard H N -201 3, Manufacturer Disclosure Statement for Medical Device Security [1 0] N I ST I R 7298 Revision 2, Glossary of Key Information Security Terms, Rich ard Kissel, Edi tor, Com puter Secu rity Di vision I nformati on Technolog y Laborator, N ation al I nsti tu te of Standards and Technolog y, M ay 201 [1 ] N 
I ST SP 800-53 Revision 4:201 3, Security and Privacy Controls for Federal Information Systems and Organizations, h ttp://dx doi org /1 6028/N I ST SP 800-53r4 _ _ 7) To be pu bl i sh ed I N TE RN ATI O N AL E LE C TR OTE C H N I C AL CO M M I S SI O N , ru e d e Vare m bé PO Box 31 CH -1 21 G e n e va S wi tze rl an d Te l : + 41 Fax: + 22 9 1 22 9 0 i n fo @ i e c ch www i e c ch
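The STCF user need above asks for encryption of stored HEALTH DATA together with a key-management mechanism that covers routine use, service access and emergency access, and the TXIG capability asks that corruption of HEALTH DATA be detected. The following is an added illustration, not code from IEC TR 80001-2-8 or from any MDM, of the shape such a control can take on a device: each record is sealed with AES-256-GCM, the key identifier is stored in the envelope so that keys can be rotated or a separately governed key (here labelled "break-glass") can be selected, and the record identifier is bound as associated data so that a ciphertext that is modified, or moved to another record, fails authentication. The key ring, key names, record identifier and sample record are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KeyRing maps a key identifier to a 256-bit AES key. The identifier travels
// with each record so the right key is selected after rotation, and so that
// service or emergency ("break-glass") keys can be held as separate entries
// with their own access rules. Constructed for this example.
type KeyRing map[string][]byte

const nonceSize = 12 // standard AES-GCM nonce length

// Seal encrypts one HEALTH DATA record under the named key. The record
// identifier is passed as associated data: it is authenticated but not
// encrypted, so the ciphertext cannot be re-attached to a different record
// without detection. Envelope layout: len(keyID) | keyID | nonce | ciphertext||tag.
func Seal(kr KeyRing, keyID, recordID string, plaintext []byte) ([]byte, error) {
	if len(keyID) == 0 || len(keyID) > 255 {
		return nil, errors.New("key id must be 1..255 bytes")
	}
	key, ok := kr[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown key id %q", keyID)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	out := []byte{byte(len(keyID))}
	out = append(out, keyID...)
	out = append(out, nonce...)
	return aead.Seal(out, nonce, plaintext, []byte(recordID)), nil
}

// Open reverses Seal. Any change to the key id, nonce, ciphertext, tag or
// record identifier makes the GCM tag check fail, and the record is rejected
// rather than returned partially decrypted.
func Open(kr KeyRing, recordID string, env []byte) ([]byte, error) {
	if len(env) < 1 {
		return nil, errors.New("envelope too short")
	}
	n := int(env[0])
	if len(env) < 1+n+nonceSize {
		return nil, errors.New("envelope too short")
	}
	keyID := string(env[1 : 1+n])
	key, ok := kr[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown key id %q", keyID)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := env[1+n : 1+n+nonceSize]
	ct := env[1+n+nonceSize:]
	pt, err := aead.Open(nil, nonce, ct, []byte(recordID))
	if err != nil {
		return nil, errors.New("record failed authentication: wrong key, tampered data or mismatched record id")
	}
	return pt, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// DemoKeyRing builds a constructed key ring: one key for routine clinical use
// and one held separately for emergency access. Real deployments would load
// these from a protected key store rather than generate them here.
func DemoKeyRing() KeyRing {
	kr := KeyRing{}
	for _, id := range []string{"clinical-2016-05", "break-glass"} {
		k := make([]byte, 32)
		if _, err := io.ReadFull(rand.Reader, k); err != nil {
			panic(err)
		}
		kr[id] = k
	}
	return kr
}

func main() {
	kr := DemoKeyRing()
	record := []byte(`{"patient":"EXAMPLE-0001","spo2":97}`) // constructed sample record
	env, err := Seal(kr, "clinical-2016-05", "record-42", record)
	if err != nil {
		panic(err)
	}
	if pt, err := Open(kr, "record-42", env); err == nil {
		fmt.Printf("decrypted: %s\n", pt)
	}
	env[len(env)-1] ^= 0x01 // simulate a corrupted record read back from removable media
	if _, err := Open(kr, "record-42", env); err != nil {
		fmt.Println("tamper detected:", err)
	}
}
```

Because the nonce is random and the tag is checked before any plaintext is released, the same envelope serves both the at-rest case (STCF) and a message carried over an open network (TXIG); what the example does not cover is node authentication and key distribution, which the TXCF controls (SC-12, SC-17, FTP_ITC) address separately.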