AAMI TIR80001 2 2 2012
$140.32
AAMI/IEC TIR80001-2-2:2012 – Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls
Published By | Publication Date | Number of Pages |
---|---|---|
AAMI | 2012 | 68 |
Step-by-step guide to help in the application of risk management when creating or changing a medical IT-network.
PDF Catalog
PDF Pages | PDF Title |
---|---|
1 | ANSI/AAMI/IEC TIR80001-2-2:2012, Application of risk management for IT-networks incorporating medical devices — Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls |
3 | Title page |
4 | Copyright information |
5 | AAMI Technical Information Report ANSI Technical Report |
6 | Contents |
8 | Glossary of equivalent standards |
11 | Committee representation |
12 | Background of ANSI/AAMI adoption of IEC/TR 80001-2-2:2012 |
13 | FOREWORD |
15 | INTRODUCTION |
17 | 1 Scope |
18 | 2 Normative references 3 Terms and definitions |
22 | 4 Use of security capabilities 4.1 Structure of a security capability entry |
23 | 4.2 Guidance for use of security capabilities in the risk management process 4.3 Relationship of ISO 14971-based risk management to IT security risk management |
24 | 5 Security capabilities 5.1 Automatic logoff – ALOF |
25 | 5.2 Audit controls – AUDT 5.3 Authorization – AUTH |
27 | 5.4 Configuration of security features – CNFS 5.5 Cyber security product upgrades – CSUP 5.6 Health data de-identification – DIDT |
28 | 5.7 Data backup and disaster recovery – DTBK 5.8 Emergency access – EMRG |
29 | 5.9 Health data integrity and authenticity – IGAU 5.10 Malware detection/protection – MLDP 5.11 Node authentication – NAUT |
30 | 5.12 Person authentication – PAUT |
31 | 5.13 Physical locks on device – PLOK 5.14 Third-party components in product lifecycle roadmaps – RDMP |
32 | 5.15 System and application hardening – SAHD 5.16 Security guides – SGUD |
33 | 5.17 Health data storage confidentiality – STCF 5.18 Transmission confidentiality – TXCF |
34 | 5.19 Transmission integrity – TXIG 6 Example of detailed specification under security capability: Person authentication – PAUT |
35 | 7 References |
37 | 8 Other resources 8.1 General 8.2 Manufacture disclosure statement for medical device security (MDS2) 8.3 Application security questionnaire (ASQ) 8.4 The Certification Commission for Healthcare Information Technology (CCHIT) http://www.cchit.org/get_certified 8.5 HL7 Functional Electronic Health Record (EHR) |
38 | 8.6 Common criteria – ISO/IEC 15408 9 Standards and frameworks |
39 | Annex A (informative) Sample scenario showing the exchange of security information A.1 Introduction to the security characteristics scenario |
40 | A.2 Manufacturer (MDM) Security Characteristics Report – “The Offering” |
41 | A. Brief Intended Purpose definition of the device FOOBAR 2.0 B. Detailed Specification of Security Capabilities |
49 | A.3 HDO’s reply to the MDM Security Characteristics Report – “The Response” |
62 | Annex B (informative) Examples of regional specification on a few security capabilities |
66 | Annex C (informative) Security capability mapping to C-I-A-A |
67 | Bibliography |