Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

White Paper (DRAFT)

[Project Description] Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector

Date Published: November 14, 2017
Comments Due: December 14, 2017 (public comment period is CLOSED)
Email Questions to: hit_nccoe@nist.gov

Withdrawn: January 23, 2018

Author(s)

Jennifer Cawthra (NIST), Kevin Littlefield (MITRE), Sue Wang (MITRE), Kangmin Zheng (MITRE)

Announcement

This project provides guidance that will help healthcare sector organizations implement more secure PACS solutions through the use of stronger security controls. The project will result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to perform the following actions:

  • asset management;
  • access control, user identification, and authentication;
  • data security;
  • security continuous monitoring; and
  • response planning, recovery, and restoration. 

After this project description is finalized, NCCoE cybersecurity experts will collaborate with vendors of cybersecurity technologies to develop reference designs addressing these challenges.

Abstract

Keywords

access control; auditing; authentication; authorization; DICOM; encryption; life cycle management; multifactor authentication; PACS; physical security; Picture Archiving and Communication System; PAM; Privileged Account Management; provisioning management; user analytics; Vendor Neutral Archive; VNA
Control Families

Access Control; Audit and Accountability; Identification and Authentication; Risk Assessment; System and Communications Protection; System and Information Integrity;