This standard describes security functional requirements for connected medical devices. It also defines three security assurance packages that frame the extent to which independent evaluation and testing of the Target of Evaluation (TOE) is conducted. The standard uses the development and evaluation process defined in ISO/IEC 15408 and ISO/IEC 18045. This standard defines the IT security requirements for a generic type of TOE and specifies the security measures to be offered by that TOE to meet stated requirements.
- Standard Committee
- EMB/Stds Com - Standards Committee
- Status
- Active PAR
- PAR Approval
- 2025-06-19
- Superseding
- 2621.2-2022 /UL 2621-2-2022
Working Group Details
- Society
- IEEE Engineering in Medicine and Biology Society
- Standard Committee
- EMB/Stds Com - Standards Committee
- Working Group
-
HDSecWG - Healthcare Device Security Assurance Working Group
- IEEE Program Manager
- Malia Zaman
Contact Malia Zaman - Working Group Chair
- David Klonoff
Other Activities From This Working Group
Current projects that have been authorized by the IEEE SA Standards Board to develop a standard.
P2621.1
Standard for Connected Medical Device Security Assurance Evaluation–Connected Electronic Product Security Evaluation Programs
This standard defines the framework of a program that evaluates the security of connected medical products. The standard describes: 1. How this standard applies the ISO/IEC 15408 security evaluation framework. 2. A framework for authorizing independent testing labs to be used in the connected medical device evaluation program. 3. A framework for certifying products. 4. A framework for approving protection profiles and security targets to be used in the security evaluation program. 5. A framework for maintenance of device security assurance post-certification.
Standards approved by the IEEE SA Standards Board that are within the 10-year lifecycle.
2621.1-2022 /UL 2621-1-2022
IEEE/UL Standard for Wireless Diabetes Device Security Assurance Evaluation: Connected Electronic Product Security Evaluation Programs
A framework for a connected electronic product security assurance evaluation program, with specific requirements and guidance relating to digital diabetes devices and solutions, such as insulin pumps is described in this standard.
2621.2-2022 /UL 2621-2-2022
IEEE/UL Standard for Wireless Diabetes Device Security: Information Security Requirements for Connected Diabetes Solutions
A framework for a connected electronic product security evaluation program, with specific requirements and guidance relating to digital diabetes devices and solutions, such as insulin pumps is defined in this standard.
2621.3-2022 /UL 2621-3-2022
IEEE/UL Recommended Practice for Wireless Diabetes Device Security: Use of Mobile Devices in Diabetes Control Contexts
A framework for a connected electronic product security evaluation program, with specific requirements and guidance relating to digital diabetes devices and solutions, such as insulin pumps is defined in this standard.
These standards have been replaced with a revised version of the standard, or by a compilation of the original active standard and all its existing amendments, corrigenda, and errata.
No Superseded Standards
These standards have been removed from active status through a ballot where the standard is made inactive as a consensus decision of a balloting group.
No Inactive-Withdrawn Standards
These standards are removed from active status through an administrative process for standards that have not undergone a revision process within 10 years.
No Inactive-Reserved Standards