Securing Picture Archiving and Communication System

Download the Practice Guide

The NCCoE has released the draft version of NIST Cybersecurity Practice Guide SP 1800-24, Securing Picture Archiving and Communication System. Use the button below to view this publication in its entirety or scroll down for links to a specific section.

Download PDF »

Current Status

The NCCoE released a draft of the NIST Cybersecurity Practice Guide, SP 1800-24, Securing Picture Archiving and Communication System, on September 16, 2019. The public comment period for the draft closed on November 18, 2019. If you have questions or suggestions, please email us at

For ease of use, the draft guide is available to download or read in volumes:

  • SP 1800-24A: Executive Summary (PDF)  

  • SP 1800-24B: Approach, Architecture, and Security Characteristics (PDF)

  • SP 1800-24C: How-To Guides (PDF)

Or download the complete guide (PDF).

Read the two-page fact sheet for a brief overview of this project.

To stay up to date on this project, please subscribe to the NCCoE Healthcare email list. If you have any questions or would like to join our Community of Interest, please email the project team at


The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project to provide guidance on securing the Picture Archiving and Communication System (PACS) ecosystem in Healthcare Delivery Organizations (HDOs). This project will include the development of a reference design and use commercially available technologies to develop an example solution that will help healthcare sector organizations implement more secure PACS solutions through the use of stronger security controls.

PACS is nearly ubiquitous in hospitals, prompting the healthcare sector to identify its security as a critical need. HDOs face many challenges in securing a PACS. These challenges include:

  • asset management
  • access control, user identification and authentication
  • data security
  • security continuous monitoring
  • response planning, recovery and restoration

PACS requires controls that provide significant integrity, availability, and confidentiality assurances because it ties into doctor-patient workflow management. The results are based on image interpretation, which aids in deciding a patient’s next step, such as determination of health condition, follow-on visits, patient care, and other actions.

This project focuses on providing increased security benefits while minimizing the impact on the availability of PACS and other components. Improved control and management of PACS can limit exposure to a threat vector that could serve as a point of attack or as a pivot point into an integrated healthcare information system, thereby improving an HDO’s cybersecurity posture. The scope of the project will include the PACS ecosystem to allow storage, retrieval, management, distribution, and presentation of medical images. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

  • ForeScout
  • Microsoft
  • Philips
  • TDI Technologies
  • Tempered Networks
  • Tripwire
  • Virta Labs