Solicitation Attachment B - NEMA MDS2 Worksheet.xlsx
Posted: May 8, 2025
• Type: .xlsx
• Size: 0.04MB
Overview
Related Opportunity
Related Agency
Summary
This manufacturer disclosure statement for medical device security (MDS2) serves as a comprehensive worksheet for manufacturers to disclose critical security-related information about their medical devices.
It includes a series of questions and sections that require detailed responses regarding the device's security features, data handling practices, and compliance with various standards such as IEC TR 80001-2-2:2012, NIST SP 800-53 Rev. 4, and ISO 27002:2013. Key areas covered include device identification, intended use in network-connected environments, vulnerability disclosure programs, management of personally identifiable information (PII), audit controls, authorization mechanisms, and cybersecurity product upgrades.
The MDS2 worksheet specifically addresses the device's capabilities related to data integrity, malware protection, emergency access to PII in medical situations, and connectivity options.
It also outlines requirements for user authentication methods and physical security measures to prevent unauthorized access to sensitive information. Additionally, it emphasizes the importance of maintaining a software bill of materials (SBOM) for operational security planning and managing third-party components throughout the device's lifecycle.
This structured approach ensures that manufacturers provide essential security disclosures that healthcare organizations can use to assess risks associated with integrating these devices into their networks.
It includes a series of questions and sections that require detailed responses regarding the device's security features, data handling practices, and compliance with various standards such as IEC TR 80001-2-2:2012, NIST SP 800-53 Rev. 4, and ISO 27002:2013. Key areas covered include device identification, intended use in network-connected environments, vulnerability disclosure programs, management of personally identifiable information (PII), audit controls, authorization mechanisms, and cybersecurity product upgrades.
The MDS2 worksheet specifically addresses the device's capabilities related to data integrity, malware protection, emergency access to PII in medical situations, and connectivity options.
It also outlines requirements for user authentication methods and physical security measures to prevent unauthorized access to sensitive information. Additionally, it emphasizes the importance of maintaining a software bill of materials (SBOM) for operational security planning and managing third-party components throughout the device's lifecycle.
This structured approach ensures that manufacturers provide essential security disclosures that healthcare organizations can use to assess risks associated with integrating these devices into their networks.
Show All