ISO/IEEE 11073-40102:2022 Health informatics — Device interoperability — Part 40102: Foundational — Cybersecurity — Capabilities for mitigation

Standard number: ISO/IEEE 11073-40102:2022

Chinese title: 健康信息学 设备互操作性 第40102部分:基础 网络安全 缓解能力

English title: Health informatics — Device interoperability — Part 40102: Foundational — Cybersecurity — Capabilities for mitigation

Publication date: 2022-03

Scope

Within the context of secure plug-and-play interoperability, cybersecurity is the process and capability of preventing unauthorized access or modification, misuse, denial of use, or the unauthorized use of information that is stored on, accessed from, or transferred to and from a personal health device (PHD) or point-of-care device (PoCD). The capability part of cybersecurity consists of information security controls that relate both to digital data and to the relationships between security, safety and usability. For PHDs/PoCDs, this standard defines a security baseline of application-layer cybersecurity mitigation techniques for certain use cases, or for situations in which certain criteria are met. This standard provides a scalable information security toolbox appropriate for PHD/PoCD interfaces that fulfills the intersection of the requirements and recommendations of the National Institute of Standards and Technology (NIST) and the European Network and Information Security Agency (ENISA). This standard maps to the NIST Cybersecurity Framework [B15]; to IEC TR 80001-2-2 [B8]; and to the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) classification scheme. The mitigation techniques are based on the extended CIA triad (Clause 4) and are described generically, so that manufacturers can select the algorithms and implementations most appropriate for their devices.
