1 Scope
This document, which is a Technical Report, provides detailed technical specifications for security features of medical devices used in medical IT-networks. Medical devices dealt with in this document include medical electrical equipment, medical electrical systems and medical device software. Medical device software, although not in the scope of IEC 60601 (all parts), can also make use of this document. Based on the seven foundational requirements described in the state-of-the-art document IEC TS 62443‑1‑1:2009 [4], this document provides specifications for different medical device capability security levels (SL-C). The specified security capabilities of a medical device can be used by various members of the medical community to integrate the device correctly into defined security zones and conduits of a medical IT-network with an appropriate target security level (SL-T) for that medical IT-network.
This document is applicable to medical devices with external data interface(s), for example when connected to a medical IT-network or when a human interface is used for processing – e.g. entering, capturing or viewing – confidential data.
This document does not apply to other software used on a medical IT-network which does not meet the definition of medical device software.
NOTE 1 An example of this exclusion is software not incorporated into the medical device.
NOTE 2 This document also does not apply to industry protocols such as DICOM and HL7.
This document does not apply to in-vitro diagnostic devices (IVD).