Category: Standard
Organisation: International Organization for Standardization (ISO)
ID: ISO/IEEE 11073-40101:2022
Type: Standard
Version: 1
Access: Fees apply to access
Status: Active
Created: Mar-22

This standard refers to cyber security measures for personal health devices and point-of-care devices. It defines an iterative, systematic, scalable, and auditable approach to identifying cyber security vulnerabilities and estimating risk. This iterative vulnerability assessment uses the STRIDE classification scheme (spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege) and the embedded Common Vulnerability Scoring System (eCVSS). The assessment includes system context, system decomposition, pre-mitigation scoring, mitigation, and post-mitigation scoring, and iterates until the remaining vulnerabilities are reduced to an acceptable level of risk.

Main sections:
· Scope
· Purpose
· Risk management
· Software of unknown provenance
· Multicomponent system vulnerability assessment
· Threat modelling
· Scoring system
· Process for vulnerability assessment
· Annex A (informative): Bibliography
· Annex B (informative): STRIDE
· Annex C (informative): embedded Common Vulnerability Scoring System
· Annex D (informative): Microsoft TMT2Excel Macro
· Annex E (informative): Example insulin delivery device vulnerability assessment