Health software and health IT systems safety, effectiveness and security — Part 2-2: Guidance for the implementation, disclosure and communication of security needs, risks and controls

This document presents an informative set of common, high-level security-related capabilities and additional considerations to be used across the entire life cycle of HEALTH SOFTWARE (including MEDICAL DEVICE software) and for the information exchange between the MEDICAL DEVICE MANUFACTURERS (MDMs), health software manufacturers, HEALTH DELIVERY ORGANIZATIONS (HDOs) and/or other stakeholders.

Sécurité, efficacité et sûreté des logiciels de santé et des systèmes TI de santé — Partie 2-2: Recommandations pour la mise en œuvre, la divulgation et la communication des besoins, des risques et des contrôles en matière de sécurité

General Information

Status: Not Published
Current Stage: 5060 - Close of voting Proof returned by Secretariat
Start Date: 09-Aug-2025
Completion Date: 08-Aug-2025

Draft
IEC/DTS 81001-2-2 - Health software and health IT systems safety, effectiveness and security — Part 2-2: Guidance for the implementation, disclosure and communication of security needs, risks and controls
Released: 13.06.2025
English language
104 pages

Standards Content (Sample)


FINAL DRAFT
Technical Specification
ISO/TC 215
Secretariat: ANSI
Voting begins on: 2025-06-13
Voting terminates on: 2025-08-08

Health software and health IT systems safety, effectiveness and security —
Part 2-2: Guidance for the implementation, disclosure and communication of security needs, risks and controls

Sécurité, efficacité et sûreté des logiciels de santé et des systèmes TI de santé —
Partie 2-2: Recommandations pour la mise en œuvre, la divulgation et la communication des besoins, des risques et des contrôles en matière de sécurité

RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.

IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.

This draft is submitted to a parallel vote in ISO and in IEC.
Reference number
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© IEC 2025 – All rights reserved
IEC DTS 81001-2-2 © IEC 2025
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Use of security capabilities
4.1 Structure of a security capability entry
4.2 Guidance on the communication of security capabilities and shared responsibility
4.3 Guidance for use of security capabilities in the risk management process
4.4 Guidance on the application of risk management processes
5 Security capabilities
5.1 General
5.2 Automatic logoff (ALOF)
5.3 Audit controls (AUDT)
5.4 Authorization (AUTH)
5.5 Cybersecurity product upgrades (CSUP)
5.6 Health data de-identification (DIDT)
5.7 Data backup and disaster recovery (DTBK)
5.8 Emergency access (EMRG)
5.9 Health data integrity and authenticity (IGAU)
5.10 Malware detection/protection (MLDP)
5.11 Node authentication (NAUT)
5.12 Person authentication (PAUT)
5.13 Physical locks on product (PLOK)
5.14 Third-party components in product life cycle roadmaps (RDMP)
5.15 System and application hardening (SAHD)
5.16 Health data storage confidentiality (STCF)
5.17 Transmission confidentiality (TXCF)
5.18 Transmission integrity and authenticity (TXIG)
6 Additional supporting information
6.1 General
6.2 Connectivity capabilities (CONN)
6.3 Management of personally identifiable information (MPII)
6.4 Remote services (RMOT)
6.5 Software Bill of Materials (SBOM)
6.6 Security guides (SGUD)
7 Examples of some security capabilities
7.1 Example of detailed specification under security capability: Person authentication (PAUT)
7.2 Example for Software Bill of Materials (SBOM)
8 References and other resources
8.1 General
8.2 Manufacturer disclosure statement for medical device security (MDS2)
8.3 Application security questionnaire (ASQ)
8.4 HL7 Functional Electronic Health Record (EHR)
8.5 Standards and frameworks
Annex A (informative) Sample scenario showing the exchange of security information
A.1 Introduction to the security characteristics scenario
A.2 Manufacturer Disclosure Statement for Medical device Security (MDS2)
Annex B (informative) Examples of regional specification on a few security capabilities
Annex C (informative) Guidance for selecting security controls to satisfy the security capabilities
C.1 General
C.2 Automatic logoff (ALOF)
C.3 Audit controls (AUDT)
C.4 Authorization (AUTH)
C.5 Cybersecurity product upgrades (CSUP)
C.6 Health data de-identification (DIDT)
C.7 Data backup and disaster recovery (DTBK)
C.8 Emergency access (EMRG)
C.9 Health data integrity and authenticity (IGAU)
C.10 Malware detection/protection (MLDP)
C.11 Node authentication (NAUT)
C.12 Person authentication (PAUT)
C.13 Physical locks on product (PLOK)
C.14 Third-party components in product life cycle roadmaps (RDMP)
C.15 System and application hardening (SAHD)
C.16 Health data storage confidentiality (STCF)
C.17 Transmission confidentiality (TXCF)
C.18 Transmission integrity and authenticity (TXIG)
C.19 Connectivity capabilities (CONN)
C.20 Management of personally identifiable information (MPII)
C.21 Remote services (RMOT)
C.22 Software Bill of Materials (SBOM)
C.23 Security guides (SGUD)
Annex D (informative) Security capability and additional security information mapping to C-I-A-A-A
Bibliography
Alphabetized index of defined terms

Figure 1 – Health software Field of Application as shown in IEC 81001-5-1 [2]
Figure 2 – Sample Structure for “Medical device2”

Table 1 – Example SBOM for “Medical device2”
Table D.1 – Sample mapping by a hypothetical HDO
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

HEALTH SOFTWARE AND HEALTH IT SYSTEMS SAFETY, EFFECTIVENESS AND SECURITY –

Part 2-2: Coordination – Guidance for the implementation, disclosure and communication of security needs, risks and controls

FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including ind
...
