Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

White Paper (Draft)

[Project Description] Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector

Date Published: November 14, 2017
Comments Due: December 14, 2017 (public comment period is CLOSED)
Email Questions to:


Jennifer Cawthra (NIST), Kevin Littlefield (MITRE), Sue Wang (MITRE), Kangmin Zheng (MITRE)


This project provides guidance that will help healthcare sector organizations implement more secure PACS solutions through the use of stronger security controls. The project will result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to perform the following actions:

  • asset management;
  • access control, user identification, and authentication;
  • data security;
  • security continuous monitoring; and
  • response planning, recovery, and restoration. 

After this project description is finalized, NCCoE cybersecurity experts will collaborate with vendors of cybersecurity technologies to develop reference designs addressing these challenges.



access control; auditing; authentication; authorization; DICOM; encryption; life cycle management; multifactor authentication; PACS; physical security; Picture Archiving and Communication System; PAM; Privileged Account Management; provisioning management; user analytics; Vendor Neutral Archive; VNA
Control Families

Access Control; Audit and Accountability; Identification and Authentication; Risk Assessment; System and Communications Protection; System and Information Integrity;