Project Details
This standard describes the security requirements, which compose a Protection Profile, for connected
diabetes devices (CDDs). This standard includes:
1. Identification of relevant threats to CDDs and derivation of security objectives that counter those threats.
2. Derivation, from the security objectives, of security requirements for CDDs, taking into account the need to balance security and safe clinical application.
3. As part of that balance, differentiation between mandatory and optional requirements and specification of
objectives that must be handled by the CDD's deployment environment rather than the CDD itself.
4. As part of that balance, definition of multiple levels of assurance requirements, enabling certification
bodies and other stakeholders to apply a level of independent evaluation rigor that meets the collective and
often varying needs across disparate situations, deployments, treatment criticality, and device type.
5. In order to be most useful for a broad audience of stakeholders, an informative layperson's explanation of
CDD security requirements, in addition to the formal, normative requirements that follow the standardized
requirements definition framework of ISO/IEC 15408.
PAR Approval: 2020-03-05
Working Group Details
Working Group: HDSecWG - Healthcare Device Security Assurance Working Group
Active Projects
This standard defines a framework for a connected electronic product security evaluation program,
which includes:
1. How to apply the ISO/IEC 15408 security evaluation framework in a security evaluation program defined
by this standard.
2. Framework for authorizing independent testing labs to be used in the security evaluation program.
3. Framework for certifying results from authorized labs.
4. Framework for defining and approving new security requirements and changes to security requirements, via protection profiles and
security targets, to be used in the security evaluation program.
5. Framework for assuring continued maintenance of assurance post-certification.
This standard provides instruction for the safe use of consumer mobile devices (CMDs) in the control of
diabetes-related medical devices, including:
1. The safe use of CMDs in both "open loop" and "closed loop" diabetes control solutions.
2. Instruction for the creation of security targets that leverage CMDs, with differentiated emphasis for security
targets intended to meet the enhanced-basic and moderate assurance levels, as defined in other parts of this
standard.
3. Instruction for leveraging CMDs in control solutions that have stringent real-time and high-availability (of
the connected diabetes device (CDD) solution and/or its enclosing personal area network) requirements.