IEC TR 60601-4-5:2021 provides detailed technical specifications for SECURITY features of MEDICAL DEVICES used in MEDICAL IT-NETWORKS. MEDICAL DEVICES dealt with in this document include MEDICAL ELECTRICAL EQUIPMENT, MEDICAL ELECTRICAL SYSTEMS and MEDICAL DEVICE SOFTWARE. MEDICAL DEVICE SOFTWARE, although not in the scope of IEC 60601 (all parts), can also make use of this document. Based on the seven foundational requirements described in the state-of-the-art document IEC TS 62443 1 1:2009, this document provides specifications for different MEDICAL DEVICE capability SECURITY LEVELS (SL C). The specified SECURITY capabilities of a MEDICAL DEVICE can be used by various members of the medical community to integrate the device correctly into defined SECURITY ZONES and CONDUITS of a MEDICAL IT-NETWORK with an appropriate MEDICAL IT NETWORK’s target SECURITY LEVEL (SL T). This document is applicable to MEDICAL DEVICES with external data interface(s), for example when connected to a MEDICAL IT-NETWORK or when a human interface is used for processing \u2013 e.g. entering, capturing or viewing \u2013 CONFIDENTIAL DATA.This document does not apply to other software used on a MEDICAL IT-NETWORK which does not meet the definition of MEDICAL DEVICE SOFTWARE. This document does not apply to in-vitro diagnostic devices (IVD).<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 4<\/td>\n | CONTENTS <\/td>\n<\/tr>\n | ||||||
| 6<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | INTRODUCTION <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 1 Scope 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 4 Common security constraints 4.1 Overview 4.2 * Support of essential function <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 4.3 COMPENSATING COUNTERMEASURES Figures Figure 1 \u2013 essential function <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 4.4 LEAST PRIVILEGE 4.5 Data minimization 4.6 * Overarching constraints 4.6.1 Constraints referenced by the medical device specifications 4.6.2 Hardware security <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 4.6.3 * Specific security features for medical devices 5 security levels for the different foundational requirements 5.1 * Application of security levels 5.2 Modified specifications for security levels <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 6 Technical description <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 7 Mapping of requirements to capability security levels (SL-C) <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | Tables Table 1 \u2013 Mapping of single requirements to capability security levels (SL-C) <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | Annex A (informative)General guidance and rationale A.1 The approach of this document: Type testable medical device IT security properties <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | Figure A.1 \u2013 Illustration with security levels <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | Figure A.2 \u2013 Capability \u2013 Target \u2013 Achieved <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | Table A.1 \u2013 Exemplary criteria for the selection of appropriate targetsecurity level SL-T in typical intended use environments <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | A.2 Typical network connections of medical devices covered in this document Figure A.3 \u2013 Wireless point-to-point connection between a portable device (e.g. patient programmer) and an implant Figure A.4 \u2013 Connection between a patient’s portable device and a doctor’s computer Figure A.5 \u2013 Connection between a medical device and a doctor’s computer <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | A.3 Inclusion of me systems Figure A.6 \u2013 it-network in a hospital <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | A.4 Correlation to existing regulations, standards and technical specifications <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | Figure A.7 \u2013 Selection of IT security related documents <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | A.5 Concept of zones and conduits with specified target security levels (SLT) within an it-network as specified by IEC 62443 (all parts) [3] A.6 Documentation of capability security level (SL-C) of a medical device Figure A.8 \u2013 Example of what a complex it-network can consist of <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | A.7 Conceptual elements of IEC 62443 (all parts) [3] used for this document Table A.2 \u2013 Exemplary vector of capability security level SL-C <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | Figure A.9 \u2013 Comparison of objectives between industrial automationand control systems and general it-networks <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | A.8 Correlation with IEC TR 80001-2-2 [9] <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Medical electrical equipment – Guidance and interpretation. Safety-related technical security specifications<\/b><\/p>\n |