Cisco Identity Services Engine 1.3 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 27
Introduction
What Is the Cisco Medical NAC?
Cisco® Medical Network Access Control (NAC) is a highly secure network access and policy management solution.
It is designed to meet the specific needs of healthcare providers. Network access for both users and equipment
typically spans many areas. Administrators, physicians, nurses, laboratory scientists and technicians, patients,
visitors, partners, support staff, and other users need reliable and secure connectivity. An even larger list of
nonuser devices must also securely connect to the network. These include critical-care devices, the network
infrastructure, building automation and control, printers, phones, cameras, power control, point-of-sale, and
entertainment systems.
Granting the appropriate level of access to both users and devices based on their functions and roles is critical if an
organization wishes to provide secure and differentiated control to its resources on one common network.
Healthcare providers must also adhere to strict privacy laws and guidelines. These include the Health Insurance
Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS), which
safeguard patient medical, financial, and electronic protected health information (ePHI). These laws and
requirements, along with mandates from regulatory bodies such as the Food and Drug Administration (FDA), aim
to ensure that each endpoint that connects to the network is detected, validated for compliance, and given access
only to its intended resources. Healthcare organizations risk serious civil and criminal penalties for each breach
incident. The total cost can spiral into the millions of dollars when the cost of notification, class action suits,
remediation, and loss of business are taken into account. [Reference:
In addition to protecting patient information, healthcare organizations must also protect clinical devices: the devices
and systems responsible for the delivery of treatment. To meet these demands, it is often necessary to isolate both
medical devices and user traffic by function and sensitivity to avoid exposure or interference between them. For
example, a patient’s personally identifiable information (PII) must not be accessible to nonauthorized parties. Billing
and patient records should be kept separate and protected. And infusion pumps and patient monitors must be
segregated from other networked hosts to prevent accidental or deliberate exposure and tampering.
To deliver secure network access to each of these users and devices, a comprehensive access and policy control
solution must be implemented to address these key requirements:
● Identification and classification of all devices that connect to the network
● Strong authentication and authorization for all medical and supporting staff
● Compliance validation for staff members to validate that current patches and client security software are installed and up to date
● Guest management system to allow simple but secure access to patients and visitors
● Device registration and onboarding of new corporate and personal assets
● Effective enforcement controls at the point of access and throughout the network
● Continuous monitoring and visibility for all network access, violations, and vulnerabilities
● Ability to detect threats and provide automated alerts and responses