This technical Information Report (TIR) provides guidance on methods to perform information security risk management for a medical device in the context of the Safety Risk Management process required by ISO 14971. The TIR incorporates the expanded view of risk management from IEC 80001-1 by incorporating the same key properties of Safety, Effectiveness and Data & Systems Security with Annexes that provide process details and illustrative examples.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 1<\/td>\n | AAMI TIR57:2016\/(R)2023; Principles for medical device security\u2014Risk management <\/td>\n<\/tr>\n | ||||||
| 3<\/td>\n | Title page <\/td>\n<\/tr>\n | ||||||
| 4<\/td>\n | AAMI Technical Information Report Copyright information <\/td>\n<\/tr>\n | ||||||
| 5<\/td>\n | Contents <\/td>\n<\/tr>\n | ||||||
| 6<\/td>\n | Glossary of equivalent standards <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | Committee representation <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | Figure 1 – Schematic representation of the risk management process (ANSI\/AAMI\/ISO 14971:2007) <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | Figure 2 \u2013 A Venn diagram showing the relationship between security and safety risks <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 1 Scope 2 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 3 General guidance for performing security risk management 3.1 Security risk management process <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | Figure 3 – Schematic representation of the security risk management process 3.1.1 Relationship between security and safety risk management <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | Figure 4 \u2013 Relationships between the security risk and safety risk management processes 3.2 Management responsibilities <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 3.3 Qualification of personnel 3.4 Security risk management plan <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 3.5 Security risk management file 4 Security risk analysis 4.1 Security risk analysis process 4.2 Intended use and identification of characteristics related to the security of the medical device <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 4.3 Identification of threats, vulnerabilities, assets, and adverse impacts 4.3.1 Identification of threats 4.3.2 Identification of vulnerabilities <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 4.3.3 Identification of assets 4.3.4 Identification of adverse impacts 4.4 Estimation of the risk(s) for each applicable threat and vulnerability combination <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 5 Security risk evaluation 6 Risk control 6.1 Security risk reduction 6.2 Security risk control option analysis 6.3 Implementation of risk control measure(s) 6.4 Residual risk evaluation <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 6.5 Risk\/benefit analysis 6.6 Risks arising from risk control measures 6.7 Completeness of risk control 7 Evaluation of overall residual security risk acceptability <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 8 Security risk management report 9 Production and post-production information <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | Annex A, Security engineering principles and nomenclature A.1 Overview <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | A.2 Uniqueness of embedded medical systems <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | A.3 Stakeholders A.3.1 Patients, family, friends, and caregivers A.3.2 Regulators A.3.3 Health Delivery Organizations (HDOs) A.3.4 Manufacturers A.3.5 Academics A.3.6 Cyber Liability Insurers A.4 Security objectives and goals <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | A.5 Considerations for emergency access A.6 Medical device security architecture considerations <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | Annex B, Security risk assessment B.1 Risk assessment process <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | Figure B.1 – A basic high-level risk assessment process B.1.1 Prepare for assessment <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | B.1.2 Conduct assessment B.1.3 Communicate results B.1.4 Maintain assessment B.1.5 Other security risk assessment processes B.1.5.1 Common vulnerability scoring system (CVSS) B.1.5.2 Open web application security project (OWASP) B.1.5.3 Attack trees <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | B.2 Risk model <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | B.2.1 Threat assessment B.2.1.1 Characteristics of adversarial threats <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | B.2.1.2 Threat events <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | B.2.1.3 Example threats B.2.2 Vulnerability assessment <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | B.2.2.1 Example vulnerability classes <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | B.2.3 Impact assessment B.2.3.1 Asset inventory <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | B.2.3.2 Asset identification <\/td>\n<\/tr>\n | ||||||
| 47<\/td>\n | B.3 Assessment approaches B.4 Security analysis approaches <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | B.5 Assessing security risk <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | Annex C, Generating cybersecurity requirements <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | Annex D, Questions that can be used to identify medical device security characteristics D.1 Essential performance <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | D.2 Data storage D.2.1 PII\/Private data assets <\/td>\n<\/tr>\n | ||||||
| 55<\/td>\n | D.2.2 Non-PII data assets D.3 Data transfer <\/td>\n<\/tr>\n | ||||||
| 56<\/td>\n | D.4 Authentication & authorization <\/td>\n<\/tr>\n | ||||||
| 57<\/td>\n | D.5 Auditing <\/td>\n<\/tr>\n | ||||||
| 58<\/td>\n | D.6 Physical security <\/td>\n<\/tr>\n | ||||||
| 59<\/td>\n | D.7 Device\/system updates <\/td>\n<\/tr>\n | ||||||
| 60<\/td>\n | D.8 Hardening <\/td>\n<\/tr>\n | ||||||
| 61<\/td>\n | D.9 Emergency access D.10 Malware\/virus protection <\/td>\n<\/tr>\n | ||||||
| 62<\/td>\n | D.11 Backup\/disaster recovery D.12 Labeling <\/td>\n<\/tr>\n | ||||||
| 63<\/td>\n | Annex E, Security risk examples applied to a medical device E.1 The Kidneato System <\/td>\n<\/tr>\n | ||||||
| 64<\/td>\n | Figure E.1- Block diagram of the Kidneato system, managed environment <\/td>\n<\/tr>\n | ||||||
| 65<\/td>\n | Figure E.2 \u2013 Block diagram of the Kidneato system, patient environment <\/td>\n<\/tr>\n | ||||||
| 66<\/td>\n | E.2 Kidneato programmer <\/td>\n<\/tr>\n | ||||||
| 67<\/td>\n | E.3 In-home monitor (IHM) E.4 Web services <\/td>\n<\/tr>\n | ||||||
| 68<\/td>\n | E.5 Web services – Direct access <\/td>\n<\/tr>\n | ||||||
| 69<\/td>\n | E.6 Web services – Instrument access E.7 Example implementations E.7.1 Example #1 Basic Cyber Hygiene <\/td>\n<\/tr>\n | ||||||
| 70<\/td>\n | E.7.1.1 Security analysis E.7.1.2 Security risk evaluation Table E.1 – Security risk evaluation table <\/td>\n<\/tr>\n | ||||||
| 73<\/td>\n | E.7.2 Example #2 Implant Communications E.7.2.1 Security analysis E.7.2.2 Security risk E.7.2.3 Likelihood E.7.2.4 Impact E.7.2.5 Risk estimation <\/td>\n<\/tr>\n | ||||||
| 74<\/td>\n | Table E.2 – Risk estimation analysis example E.7.2.6 Implemented control E.7.2.7 Residual risk estimation Table E.3 – Residual risk estimation analysis example E.7.2.8 New risk identification <\/td>\n<\/tr>\n | ||||||
| 75<\/td>\n | E.7.3 Example #3 WCA Firmware Update E.7.3.1 Initial Design E.7.3.2 Attack of the Design <\/td>\n<\/tr>\n | ||||||
| 76<\/td>\n | E.7.3.3 Results from the Attack E.7.3.4 Analysis <\/td>\n<\/tr>\n | ||||||
| 78<\/td>\n | E.7.3.5 Security Risk Controls <\/td>\n<\/tr>\n | ||||||
| 79<\/td>\n | Annex F, A comparison of terminology between key referenced standards Table F.1 – Related terms in security standards\/technical reports <\/td>\n<\/tr>\n | ||||||
| 82<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" AAMI TIR57:2016 (R2023) Principles For Medical Device Security – Risk Management<\/b><\/p>\n |