IEEE Std 11073-40101 pdf free download
IEEE Std 11073-40101 pdf free download.Health informatics—Device interoperability Part 40101: Foundational—Cybersecurity—Processes for vulnerability assessment.
4. Software of unknown provenance
The development of a PHD/PoCD is similar to the development of any device or system where manufacturers implement within their domain of specialties and otherwise include third—party solutions. If these third—party or off-the-shelf (OTS) solutions are software, they are known as software of unknown provenance (SOUP) (FDA [B 1]). Since PHD/PoCD manufacturers are held responsible for any harm that occurs from the safety and efficacy of the design and intended use of their devices, they are also responsible for the SOUP within their devices.
One way to manage SOUP within a system is for the manufacturer to verify each version of the SOUP included with the system. Alternatively, the manufacturer could include additional information security controls within the system to protect the system from potential vulnerabilities of the SOUP. This standard for vulnerability assessment addresses the latter as the assessment considers all components within the Pl-ID/PoCD and related systems. The benefit of including SOUP in the vulnerability assessment and mitigating any identified vulnerabilitics with specific security controls is that it reduces the burden on the manufacturer when verifying the SOUP.
5. Multi-component system vulnerability assessment
As the connectivity of PHDs/PoCDs increases, multi-component, heterogeneous systems become more widespread. A multi-component system includes multiple connected components from potentially various manufacturers either within a single device or as a system (e.g., system of systems), where at least one component is a PHD/PoCD. Examples of multi-component systems include an automated insulin delivery system, patient monitor, and cloud service that gathers data from PHDs/PoCDs to support consumers, providers, or payers. An automated insulin delivery system connects a continuous glucose monitor and insulin pump to an automated dosing controller. A patient monitor typically includes devices such as a thermometer, blood pressure monitor, and pulse oximeter. Also, it is important to note that as the connectivity increases the intended use is subject to change.
The vulnerability assessment described in this standard is applicable to a multi-component system. Both in a standalone PHD/PoCD or as part of multi-component system, the following assumptions must be made: the environment is hostile, and the PHD/PoCD does not know the inner workings of the connected device(s). Thus, the PHDIPoCD should not trust the other connected device(s) implicitly. Instead, security is the responsibility of the manufacturer of the PHD/PoCD interfaces, which should be well described and without hidden functionality. Also, the security of one component of the system should not depend on the security of another. Each component of the system, by itself should provide sufficient security to protect against direct attacks or chaining of attacks. Assessing each component individually for vulnerabilities without any inherent trust between the components of the system greatly improves the security of the system as a whole (i.e., zero trust). This assessment should not be omitted even when the multiple components were intended to work together.
6. Threat modeling
6.1 General
Threat modeling is an approach of analyzing the security of a system (e.g., device, application) or a system of systems (e.g., multi-component system) so that vulnerabilities can be identified, enumerated, and prioritized. Threat modeling typically employs a systematic approach to identifying assets most desired by an attacker and related attack vectors. This step leads to the decomposition of the system by investigating each asset and attack vector individually and determining the kind of attacks to which they are vulnerable. From this effort, a list of vulnerabilities is created for the system and ordered in terms of risk, potential to cause harm, or any other criteria deemed appropriate.IEEE Std 11073-40101 pdf download.
