UL 2900-2-1
Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems

DETAILS
Edition Number: 2
SCC Approved: --
Edition Date: 2016-09-26
DOD Approved: --
Price Code: A
ANSI Approved: --
Type: outline

  • SCOPE

    1 Scope

    1.1 This security evaluation outline applies to the testing of network connected components of healthcare systems. It applies to, but is not limited to, the following key components:

    a)    Medical devices;

    b)    Accessories to medical devices;

    c)    Medical device data systems;

    d)    In vitro diagnostic devices;

    e)    Health information technology; and

    f)    Wellness devices.

  • TABLE OF CONTENTS

    • Outline Title Page
    • Table of Contents
      • Body
        • INTRODUCTION
          • 1 Scope
          • 2 Normative References
          • 3 Glossary
        • DOCUMENTATION FOR PRODUCT, PROCESSES, AND USE
          • 4 Product Documentation
          • 5 Process Documentation
          • 6 Documentation for Product Use
            • 6.1 Safety-related security considerations for product use
            • 6.2 Instructions
        • SECURITY CONTROLS
          • 7 General
          • 8 Access Control, User Authentication, and User Authorization
          • 9 Remote Communication
          • 10 Cryptography
          • 11 Product Management
        • PRODUCT ASSESSMENT
          • 12 Safety-Related Security Risk Management
            • 12.1 Risk analysis
            • 12.2 Risk evaluation
            • 12.3 Risk control
            • 12.4 Coverage of security analysis and testing
          • 13 Known Vulnerability Testing
          • 14 Malware Testing
          • 15 Malformed Input Testing
          • 16 Structured Penetration Testing
          • 17 Software Weakness Analysis
          • 18 Static Source Code Analysis
          • 19 Static Binary and Bytecode Analysis
        • ORGANIZATIONAL ASSESSMENT
          • 20 Lifecycle Security Processes
            • 20.1 Quality management processes
            • 20.2 General procurement processes
            • 20.3 Procurement risk management process
            • 20.4 Product update release and patch management process
            • 20.5 Decommissioning process
            • 20.6 Packaging and shipment