The National Institute of Standards and Technology (NIST) published a notice in today’s Federal Register (81 FR 4016-4018) inviting organizations to provide products and technical expertise to support and demonstrate security platforms for the Wireless Medical Infusion Pumps use case for the health care sector. This is the first step in the National Cybersecurity Center of Excellence’s (NCCoE) collaberation with technology companies to address cybersecurity challenges identified under the Health Care Sector program.
At this point NIST is looking for organizations to submit a letter of interest (template is available from NIST on-line) if they are interested in entering into a Cooperative Research and Development Agreement (CRADA) to provide products and technical expertise to support and demonstrate security platforms for the Wireless Medical Infusion Pumps use case for the health care sector. More information is available on the project here and here. You can see more information about the items that NIST is looking to include in the use case here.
NOTE: The second project reference mentioned above contains an interesting application (pgs 11-14) of the NIST Cybersecurity Framework (CSF) to analyze the cybersecurity requirements for the use of infusion pumps in a hospital setting. This is the first time that I have seen the CSF used at this level in an organizational review.
I’m not going to go into any more detail on this process as the way the NIST notice is worded seems to be very convoluted. I don’t stay current on acquisition and R&D project language at the Federal level, so I don’t want to put any inappropriate words into the interpretation of the NIST notice. If you’ve done work with NIST before you have a better understanding of the details of what is going on here. If you have not worked with NIST before but are still interested, contact Gavin O'Brien via email at HIT_NCCoE@nist.gov for more information.