National Cybersecurity Center of Excellence (NCCoE) Wireless Medical Infusion Pumps Use Case for the Health Care Sector, 4016-4018 [2016-01344]
[Federal Register Volume 81, Number 15 (Monday, January 25, 2016)]
[Notices]
[Pages 4016-4018]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-01344]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 151217999-5999-01]
RIN 0693-XC058
National Cybersecurity Center of Excellence (NCCoE) Wireless
Medical Infusion Pumps Use Case for the Health Care Sector
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide products and technical expertise to
support and demonstrate security platforms for the Wireless Medical
Infusion Pumps use case for the health care sector. This notice is the
initial step for the National Cybersecurity Center of Excellence
(NCCoE) in collaborating with technology companies to address
cybersecurity challenges identified under the Health Care Sector
program. Participation in the use case is open to all interested
organizations.
DATES: Interested parties must contact NIST to request a letter of
interest template to be completed and submitted to NIST. Letters of
interest will be accepted on a first come, first served basis.
Collaborative activities will commence as soon as enough completed and
signed letters of interest have been returned to address all the
necessary components and capabilities, but no earlier than February 24,
2016. When the use case has been completed, NIST will post a notice on
the NCCoE Health Care Sector program Web site at https://nccoe.nist.gov/projects/use_cases/health_it announcing the completion
of the use case and informing the public that it will no longer accept
letters of interest for this use case.
ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway,
Rockville, MD 20850. Letters of interest must be submitted to
HIT_NCCoE@nist.gov; or via hardcopy to National Institute of Standards
and Technology, NCCoE; 100 Bureau Drive, MS 2002, Gaithersburg, MD,
20899. Organizations whose letters of interest are accepted in
accordance with the process set forth in the SUPPLEMENTARY INFORMATION
section of
this notice will be asked to sign a Cooperative Research and
Development Agreement (CRADA) with NIST. A CRADA template can be found
at: https://nccoe.nist.gov/library/nccoe-consortium-crada-example.
FOR FURTHER INFORMATION CONTACT: Gavin O'Brien via email at
HIT_NCCoE@nist.gov; by telephone 240-314-6815; or by mail to National
Institute of Standards and Technology, NCCoE; 100 Bureau Drive, MS
2002, Gaithersburg, MD, 20899. Additional details about the NCCoE
Health Care Sector program are available at https://nccoe.nist.gov/projects/use_cases/health_it.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) systems. By
accelerating dissemination and use of these integrated tools and
technologies for protecting IT assets, the NCCoE will enhance trust in
U.S. IT communications, data, and storage systems; reduce risk for
companies and individuals using IT systems; and encourage development
of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into a Cooperative Research
and Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate security platforms for the
Wireless Medical Infusion Pumps use case for the health care sector.
The full use case can be viewed at: https://nccoe.nist.gov/projects/use_cases/health_it.
Interested parties should contact NIST using the information
provided in the FOR FURTHER INFORMATION CONTACT section of this notice.
NIST will then provide each interested party with a letter of interest
template, which the party must complete, certify that it is accurate,
and submit to NIST. NIST will contact interested parties if there are
questions regarding the responsiveness of the letters of interest to
the use case objective or requirements identified below. NIST will
select participants who have submitted complete letters of interest on
a first come, first served basis within each category of product
components or capabilities listed below up to the number of
participants in each category necessary to carry out this use case.
However, there may be continuing opportunity to participate even after
initial activity commences. Selected participants will be required to
enter into a consortium CRADA with NIST (for reference, see ADDRESSES
section above). NIST published a notice in the Federal Register on
October 19, 2012 (77 FR 64314) inviting U.S. companies to enter into
National Cybersecurity Excellence Partnerships (NCEPs) in furtherance
of the NCCoE. For this demonstration project, NCEP partners will not be
given priority for participation.
Use Case Objective: In the past, medical devices were standalone
instruments that interacted only with the patient. Today, medical
devices have operating systems and communication hardware that allow
them to connect to networks and other devices. While this technology
has created more powerful tools and improved health care, it has led to
additional risks in safety and security.
The goal of this use case is to help health care providers secure
their medical devices on an enterprise network, with a specific focus
on wireless infusion pumps.\1\ This use case begins the process to
identify the actors interacting with infusion pumps, define the
interactions between the actors and the system, perform a risk
assessment, identify applicable mitigating security technologies, and
provide an example implementation.
---------------------------------------------------------------------------
\1\ For purposes of this notice, NIST is adopting the definition
of external infusion pumps provided on the Food and Drug
Administration (FDA) Protecting and Promoting Your Health Web site
as: "Medical devices that deliver fluids, including nutrients and
medications such as antibiotics, chemotherapy drugs, and pain
relievers, into a patient's body in controlled amounts. Many types
of pumps, including large volume, patient-controlled analgesia,
elastomeric, syringe, enteral, and insulin pumps, are used worldwide
in health care facilities such as hospitals, and in the home."
https://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/GeneralHospitalDevicesandSupplies/InfusionPumps/.
---------------------------------------------------------------------------
Clinicians and patients rely on infusion pumps for safe and
accurate administration of fluids and medications. However, the FDA has
identified problems that can compromise the safe use of external
infusion pumps. These issues can lead to over or under-infusion, missed
treatments, or delayed therapy.
The publication of the use case is merely the beginning of a
process that will identify research participants and components of a
laboratory environment to identify, evaluate and test relevant security
tools and controls. The approach may include: risk assessment and
analysis, logical design, build development, test & evaluation and
security control mapping. The output of the process will be the
publication of a multi-part Practice Guide to assist the community in
evaluating the security environment surrounding their infusion pumps
deployed in a clinical setting.
A detailed description of the Wireless Medical Infusion Pumps use
case is available at https://nccoe.nist.gov/projects/use_cases/health_it.
Requirements: Each responding organization's letter of interest
should identify which security platform component(s) or capability(ies)
it is offering. Letters of interest should not include company
proprietary information, and all components and capabilities must be
commercially available. Components are listed in section two of the
Wireless Medical Infusion Pumps use case (for reference, please see the
link in the PROCESS section above) and include, but are not limited to:
1. Wireless infusion pump
2. Pump server
3. Network
4. Alarm manager
5. Electronic medication administration record (eMAR)
6. Point of care medication system
7. In hospital pharmacy system
8. Computerized physician order entry (CPOE)
9. IT security system
10. Network security system
11. Credentialing/credentialing server
12. Asset management and monitoring systems
Each responding organization's letter of interest should identify how
their products address one or more of the following desired solution
characteristics in the Security Control Map section of the Wireless
Medical Infusion Pumps use case (for reference, please see the link in
the PROCESS section above):
1. Automatic logoff
2. Audit controls
3. Authorization
4. Configuration of security features
5. Cybersecurity product upgrades
6. Data backup and disaster recovery
7. Emergency access
8. Health data de-identification
9. Health data integrity and authenticity
10. Malware detection/protection
11. Node authentication
12. Person authentication
13. Physical locks and devices
14. Security guides
15. System and application hardening
16. Third-party components in product lifecycle roadmaps
17. Health data storage confidentiality
18. Transmission confidentiality
19. Transmission integrity
Responding organizations need to understand and, in their letters of
interest, commit to provide:
1. Access for all participants' project teams to component
interfaces and the organization's experts necessary to make functional
connections among security platform components.
2. Support for development and demonstration of the Wireless
Medical Infusion Pump capability in NCCoE facilities which will be
conducted in a manner consistent with Federal requirements (e.g., FIPS
200, FIPS 201, SP 800-53, and SP 800-63).
Additional details about the Wireless Medical Infusion Pumps use
case for the Health care sector are available at https://nccoe.nist.gov/projects/use_cases/health_it. NIST cannot guarantee that
all of the products proposed by respondents will be used in the
demonstration. Each prospective participant will be expected to work
collaboratively with NIST staff and other project participants under
the terms of the consortium CRADA in the development of the Wireless
Medical Infusion Pump capability. Prospective participants'
contribution to the collaborative effort will include assistance in
establishing the necessary interface functionality, connection and set-up
capabilities and procedures, demonstration harnesses, environmental
and safety conditions for use, integrated platform user instructions,
and demonstration plans and scripts necessary to demonstrate the
desired capabilities. Each participant will train NIST personnel, as
necessary, to operate its product in capability demonstrations to the
health care community. Following successful demonstrations, NIST will
publish a description of the security platform and its performance
characteristics sufficient to permit other organizations to develop and
deploy security platforms that meet the security objectives of the
Wireless Medical Infusion Pumps use case. These descriptions will be
public information.
Under the terms of the consortium CRADA, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of the Wireless Medical Infusion
Pump capability will be announced on the NCCoE Web site at least two
weeks in advance at https://nccoe.nist.gov/. The expected outcome of
the demonstration is to improve wireless medical infusion pumps across
an entire health care sector enterprise. Participating organizations
will gain from the knowledge that their products are interoperable with
other participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit the NCCoE Web site
https://nccoe.nist.gov/.
Richard Cavanagh,
Acting Associate Director for Laboratory Programs.
[FR Doc. 2016-01344 Filed 1-22-16; 8:45 am]
BILLING CODE 3510-13-P