P11073-40101 - Health informatics - Device interoperability - Part 40101: Cybersecurity - Processes for vulnerability assessment
Project Details
This standard specifies an iterative, systematic, scalable, and auditable approach to the identification of cybersecurity vulnerabilities and the estimation of risk. The standard presents one approach to iterative vulnerability assessment using the Spoofing, Tampering, Repudiation, Information Disclosure (STRIDE) classification scheme and the embedded Common Vulnerability Scoring System (eCVSS). The assessment includes system context, system decomposition, pre-mitigation scoring, mitigation, and post-mitigation scoring, and iterates until the remaining vulnerabilities are reduced to an acceptable level of risk.