医疗器械网络安全注册技术审查指导原则打印版

1Uconfidentialityintegrity1availabilityGB/T29246-20121.2.3.authenticityaccountability1availabilityusabilityavailability2non-repudiationreliabilityGB/T29246-2012assetthreatvulnerability21.PrivateDataPersonalDataSensitiveData2.1.2.U2IEC27000ISMSISMS3IEC/TR80001-2-23ALOFAUDTAUTHCNFSCSUPDIDTDTBKEMRGIGAUMLDPNAUTPAUTPLOKRDMPSAHDSGUDSTCFTXCFTXIG1.2.3IEC/TR80001-2-2:2012ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-2:Guidanceforthedisclosureandcommunicationofmedicaldevicesecurityneeds,risksandcontrols41.1234U562.3.4.1.52.1/23.1.1232.3.2016474620144320155082201424201451GB/T20271-2006GB/T20984-2007GB/T22080-2016GB/T22081-20166GB/T29246-2012GB/Z24364-2009YY/T0287-2003YY/T0316-2016YY/T0664-2008YY/T1474-2016FDA,CybersecurityforNetworkedMedicalDevicesContainingOff-the-ShelfSoftware,2005-1-14FDA,ContentofPremarketSubmissionsforManagementofCybersecurityinMedicalDevices-GuidanceforIndustryandFoodandDrugAdministrationStaff,2014-10-2FDA,RadioFrequencyWirelessTechnologyinMedicalDevices-GuidanceforIndustryandFoodandDrugAdministrationStaff,2013-8-14FDA,PostmarketManagementofCybersecurityinMedicalDevicesDraftGuidanceforIndustryandFoodandDrugAdministrationStaff,2016-1-22FDA,DesignConsiderationsandPre-marketSubmissionRecommendationsforInteroperableMedicalDevicesDraftGuidanceforIndustryandFoodandDrugAdministrationStaff,2016-1-26IEC60601-1Edition3.1:2012,Medicalelectricalequipment-Part1:GeneralrequirementsforbasicsafetyandessentialperformanceIEC82304-1,HealthSoftware-Part1:GeneralrequirementsforproductsafetyIEC80001-1:2010,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part1:Roles,responsibilitiesandactivitiesIEC/TR80001-2-1:2012,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-1:Step-by-stepriskmanagementofmedicalIT-networks-PracticalapplicationsandexamplesIEC/TR80001-2-2:2012,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-2:Guidanceforthedisclosureandcommunicationofmedicaldevicesecurityneeds,risksandcontrolsIEC/TR80001-2-3:2012,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-3:GuidanceforwirelessnetworksIEC/TR80001-2-4:2012,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-4:Applicationguidance-GeneralimplementationguidanceforhealthcaredeliveryorganizationsIEC/TR80001-2-5:2014,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-5:Applicationguidance-GuidanceondistributedalarmsystemsISO/TR80001-2-6:2014,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-6:Applicationguidance-GuidanceforresponsibilityagreementsISO/TR80001-2-7:2015,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Applicationguidance-Part2-7:GuidanceforHealthcareDeliveryOrganizations(HDOs)onhowtoself-assesstheirconformancewithIEC80001-17IEC/TR80001-2-8:2016,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-8:Applicationguidance-GuidanceonstandardsforestablishingthesecuritycapabilitiesidentifiedinIEC/TR80001-2-2IEC/TR80001-2-9,ApplicationofriskmanagementforIT-networksincorporatingmedicaldevices-Part2-9:Applicationguidance-GuidanceforuseofsecurityassurancecasestodemonstrateconfidenceinIEC/TR80001-2-2securitycapabilitiesISO/DIS27799Healthinformatics-InformationsecuritymanagementinhealthusingISO/IEC27002HIMSS/NEMAHN1-2013,ManufacturerDisclosureStatementforMedicalDeviceSecurityNEMA/MITACSP1-2016,CybersecurityforMedicalImagingIMDRF/SaMDWG/N12FINAL:2014,SoftwareasaMedicalDevice(SaMD):PossibleFrameworkforRiskCategorizationandCorrespondingConsiderations,2014-9-18