IEEE 11073-40101-2022
$43.33
IEEE/ISO International Standard-Health informatics–Device interoperability–Part 40101: Foundational–Cybersecurity–Processes for vulnerability assessment
| Published By | Publication Date | Number of Pages |
| IEEE | 2022 | 54 |
Adoption Standard – Active. For Personal Health Devices (PHDs) and Point-of-Care Devices (PoCDs), an iterative, systematic, scalable, and auditable approach to identification of cybersecurity vulnerabilities and estimation of risk is defined by this standard. The standard presents one approach to iterative vulnerability assessment that uses the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) classification scheme and the embedded Common Vulnerability Scoring System (eCVSS). The assessment includes system context, system decomposition, pre-mitigation scoring, mitigation, and post-mitigation scoring and iterates until the remaining vulnerabilities are reduced to an acceptable level of risk.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 4 | Blank Page |
| 5 | Title page |
| 7 | Important Notices and Disclaimers Concerning IEEE Standards Documents |
| 10 | Participants |
| 13 | Introduction |
| 14 | Contents |
| 15 | 1. Overview 1.1 General |
| 16 | 1.2 Scope 1.3 Purpose 1.4 Word usage |
| 17 | 2. Definitions, acronyms, and abbreviations 2.1 Definitions 2.2 Acronyms and abbreviations 3. Risk management |
| 18 | 4. Software of unknown provenance 5. Multi-component system vulnerability assessment 6. Threat modeling 6.1 General |
| 19 | 6.2 Data flow diagram 6.3 STRIDE classification scheme 7. Scoring system 7.1 General 7.2 CVSS |
| 20 | 7.3 eCVSS |
| 21 | 8. Process for vulnerability assessment 8.1 Iterative vulnerability assessment 8.2 System context 8.2.1 Use case description |
| 22 | 8.2.2 Actors |
| 24 | 8.2.3 Assets 8.2.4 Mapping actors to assets 8.3 System decomposition 8.3.1 General 8.3.2 Trust boundaries 8.3.3 Threat model |
| 25 | 8.3.4 Vulnerability list |
| 26 | 8.4 Scoring 8.4.1 General 8.4.2 eCVSS metric guidelines |
| 27 | 8.4.3 Suggested collateral damage |
| 28 | 8.4.4 System-wide metrics 8.4.5 Risk level thresholds 8.5 Mitigation 8.6 Iteration |
| 29 | Annex A (informative) Bibliography |
| 30 | Annex B (informative) STRIDE |
| 34 | Annex C (informative) embedded Common Vulnerability Scoring System |
| 41 | Annex D (informative) Microsoft TMT2Excel Macro |
| 44 | Annex E (informative) Example insulin delivery device vulnerability assessment |
| 53 | Blank Page |
Related products
-
IEEE 11073-10425-2023
IEEE Standard – Health informatics–Device Interoperability Part 10425: Personal Health Device Communication–Device Specialization–Continuous Glucose Monitor…
-
IEEE 11073-10101-2020
IEEE/ISO/IEC International Standard – Health informatics-Device interoperability-Part 10101: Point-of-care medical device communication-Nomenclature Published By Publication…
-
IEEE 11073-10429-2022
IEEE Standard for Health Informatics — Device Interoperability — Part 10429: Personal Health Device Communication…
-
BS EN ISO/IEEE 11073-40102:2022
Health informatics. Device interoperability – Foundational. Cybersecurity. Capabilities for mitigation Published By Publication Date Number…
-
IEEE 11073-10419-2023
IEEE Standard for Health informatics–Device interoperability Part 10419: Personal Health Device Communication–Device Specialization–Insulin Pump (Approved…
-
IEEE 802.3-2018
IEEE Standard for Ethernet (Superseded Redline) Published By Publication Date Number of Pages IEEE 2018
-
IEEE 11073-10425-2023
IEEE Standard – Health informatics–Device Interoperability Part 10425: Personal Health Device Communication–Device Specialization–Continuous Glucose Monitor…
-
IEEE 11073-10101-2019
IEEE Standard for Health informatics–Point-of-care medical device communication – Part 10101: Nomenclature Published By Publication…
-
IEEE 11073-10406-2023
IEEE Standard for Health Informatics–Device Interoperability Part 10406: Personal Health Device Communication–Device Specialization–Basic Electrocardiography (ECG)…
-
IEEE 11073-10419-2023
IEEE Standard for Health informatics–Device interoperability Part 10419: Personal Health Device Communication–Device Specialization–Insulin Pump (Published)…
-
IEEE 11073-10101-2019
IEEE Standard for Health informatics–Point-of-care medical device communication – Part 10101: Nomenclature Published By Publication…
-
IEEE 11073-10101-2020
IEEE/ISO/IEC International Standard – Health informatics-Device interoperability-Part 10101: Point-of-care medical device communication-Nomenclature Published By Publication…
-
IEEE 11073-10429-2022
IEEE Standard for Health Informatics — Device Interoperability — Part 10429: Personal Health Device Communication…
-
BS EN ISO/IEEE 11073-40101:2022
Health informatics. Device interoperability – Foundational. Cybersecurity. Processes for vulnerability assessment Published By Publication Date…
-
IEEE 11073-10406-2023(Redline)
IEEE Standard for Health Informatics–Device Interoperability Part 10406: Personal Health Device Communication–Device Specialization–Basic Electrocardiography (ECG)…
-
IEEE 802.3-2018
IEEE Standard for Ethernet (Superseded Redline) Published By Publication Date Number of Pages IEEE 2018…
-
IEEE 11073-10406-2023
IEEE Standard for Health Informatics–Device Interoperability Part 10406: Personal Health Device Communication–Device Specialization–Basic Electrocardiography (ECG)…
-
ISO/IEEE 11073-40102:2022
Health informatics – Device interoperability – Part 40102: Foundational – Cybersecurity – Capabilities for mitigation…
-
IEEE 11073-10101b-2023
IEEE Standard for Health Informatics–Device Interoperability Part 10101: Foundational–Nomenclature Amendment 1: Additional definitions (Approved Draft)…
-
IEEE 11073-10425-2023
IEEE Standard – Health informatics–Device Interoperability Part 10425: Personal Health Device Communication–Device Specialization–Continuous Glucose Monitor…
-
IEEE 11073-40102-2022
IEEE/ISO International Standard – Health informatics–Device interoperability Part 40102: Foundational–Cybersecurity–Capabilities for mitigation Published By Publication…
-
IEEE 11073-10102-2012
Health informatics — Point-of-care medical device communication Part 10102: Nomenclature —Annotated ECG Published By Publication…
-
IEEE/ISO/IEC 11073 10101 2020
IEEE/ISO/IEC International Standard – Health informatics-Device interoperability-Part 10101: Point-of-care medical device communication-Nomenclature Published By Publication…
-
IEEE 11073 10102 2013
Health informatics Point-of-care medical device communication Part 10102: Nomenclature Annotated ECG Published By Publication Date…
-
BS EN ISO 11073-10101:2020
Health informatics. Device interoperability – Point-of-care medical device communication. Nomenclature Published By Publication Date Number…
-
IEEE 11073 10407 2020
IEEE Health informatics–Personal health device communication Part 10407: Device specialization–Blood pressure monitor Published By Publication…
-
IEEE 11073-10425-2023
IEEE Standard – Health informatics–Device Interoperability Part 10425: Personal Health Device Communication–Device Specialization–Continuous Glucose Monitor…
-
ISO/IEEE 11073-40101:2022
Health informatics – Device interoperability – Part 40101: Foundational – Cybersecurity – Processes for vulnerability…
-
IEEE 802.15.1-2002
IEEE Standard for Telecommunications and Information Exchange Between Systems – LAN/MAN – Specific Requirements –…
-
BS EN ISO 11073-10101:2005+A1:2017:2018 Edition
Health informatics. Point-of-care medical device communication – Nomenclature Published By Publication Date Number of Pages…
-
ISO/IEEE 11073-10101:2020
Informatique de santé — Interopérabilité des dispositifs — Partie 10101: Communication entre dispositifs médicaux sur…
-
IEEE 11073-10101b-2023
IEEE Standard for Health Informatics–Device Interoperability Part 10101: Foundational–Nomenclature Amendment 1: Additional definitions (Published) Published…
-
IEEE 11073-10101-2020
IEEE/ISO/IEC International Standard – Health informatics-Device interoperability-Part 10101: Point-of-care medical device communication-Nomenclature Published By Publication…
-
BS EN ISO 11073-10102:2014
Health informatics. Point-of-care medical device communication – Nomenclature. Annotated ECG Published By Publication Date Number…
-
BS EN ISO 11073-10101:2020
Health informatics. Device interoperability – Point-of-care medical device communication. Nomenclature Published By Publication Date Number…
-
IEEE 11073-10429-2022
IEEE Standard for Health Informatics — Device Interoperability — Part 10429: Personal Health Device Communication…
-
IEEE 802.15.1 2002
IEEE Standard for Telecommunications and Information Exchange Between Systems – LAN/MAN – Specific Requirements –…
-
IEEE 11073-10101-2019(Redline)
IEEE Standard for Health informatics–Point-of-care medical device communication – Part 10101: Nomenclature (Redline) Published By…
-
IEEE 802.3 2018
IEEE Standard for Ethernet Published By Publication Date Number of Pages IEEE 2018
-
IEEE 11073-10101-2019(Redline)
IEEE Standard for Health informatics–Point-of-care medical device communication – Part 10101: Nomenclature (Redline) Published By…
