Home / Frameworks / IEC TR 60601-4-5

IEC TR 60601-4-5 v2024

Medical Device Security

Framework data extracted from the Secure Controls Framework (SCF) v2025.4 Set Theory Relationship Mapping (STRM) files, licensed under CC BY-ND 4.0 . Attribution required per license terms.

SCF Official Site License Terms

43 All

1 — Scope (1 requirements)

1.0Scope

2 — Normative References (1 requirements)

2.0Normative References

3 — Terms and Definitions (1 requirements)

3.0Terms and Definitions

4 — General Requirements (10 requirements)

4.0General Requirements

4.1Security Risk Assessment

4.2Security Risk Management Plan

4.3Threat Modeling

4.4Security Requirements Specification

4.5Security Architecture Design

4.6Security Testing

4.6.1Vulnerability Testing

4.6.2Fuzz Testing

4.6.3Penetration Testing

5 — Security Capabilities (7 requirements)

5.0Security Capabilities Overview

5.1Security Capability Categories

5.2IEC 62443-4-2 Foundational Requirements

5.2 - CR 1.2 RE(1)Unique Identification and Authentication

5.2 - CR 2.1Authorization Enforcement

5.2 - CR 4.1Information Confidentiality

5.2 - CR 5.1Restricted Data Flow

6 — Security Requirements (1 requirements)

6.0Security Requirements Overview

6(a) — Automatic Logoff (1 requirements)

6(a)Automatic Logoff

6(b) — Audit Controls (1 requirements)

6(b)Audit Controls

6(c) — Authorization (1 requirements)

6(c)Authorization

6(d) — Configuration of Security Features (1 requirements)

6(d)Configuration of Security Features

6(e) — Cyber Security Product Upgrades (1 requirements)

6(e)Cyber Security Product Upgrades

6(f) — Data De-Identification (1 requirements)

6(f)Data De-Identification

6(g) — Data Integrity and Authenticity (1 requirements)

6(g)Data Integrity and Authenticity

6(h) — Data Backup and Recovery (1 requirements)

6(h)Data Backup and Recovery

6(i) — Emergency Access (1 requirements)

6(i)Emergency Access

6(j) — Health Data Storage Confidentiality (1 requirements)

6(j)Health Data Storage Confidentiality

6(k) — Malware Detection/Protection (1 requirements)

6(k)Malware Detection and Protection

6(l) — Node Authentication (1 requirements)

6(l)Node Authentication

6(m) — Person Authentication (1 requirements)

6(m)Person Authentication

6(n) — Physical Locks (1 requirements)

6(n)Physical Locks

6(o) — System and Application Hardening (1 requirements)

6(o)System and Application Hardening

6(p) — Security Guides (1 requirements)

6(p)Security Guides

6(q) — Health Data Integrity and Confidentiality (1 requirements)

6(q)Health Data Integrity and Confidentiality

6(r) — Transmission Integrity (1 requirements)

6(r)Transmission Integrity

6(s) — Transmission Confidentiality (1 requirements)

6(s)Transmission Confidentiality

6(t) — Software Bill of Materials (1 requirements)

6(t)Software Bill of Materials

6(u) — Third-Party Components in Product Lifecycle (1 requirements)

6(u)Third-Party Components in Product Lifecycle

6(v) — Security Risk Management (1 requirements)

6(v)Security Risk Management