Cisco Cisco Identity Services Engine 1.2 白皮書
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 27
Document Scope
Secure access to healthcare networks comprises many topics and technologies. This guide is focused on these
specific topics:
specific topics:
●
Secure-access options for healthcare-specific devices
●
Identification and classification of healthcare-specific devices
●
Extraction of data from existing sources
●
Profiling methods and best practices
●
Segmentation of medical devices
The terms “medical,” “healthcare,” and “clinical” are often used interchangeably when referring to network devices
found in a healthcare organization. To clarify the scope of this document, the following terms will be used to
distinguish medical device types:
found in a healthcare organization. To clarify the scope of this document, the following terms will be used to
distinguish medical device types:
●
Healthcare IT: Supporting devices used in a patient care setting. Examples: nurse PC station or terminal, IP
phone, label printer and bar code scanner
phone, label printer and bar code scanner
●
Clinical devices: Devices directly related to the diagnosis and treatment of patients.
These devices can be further delineated as follows:
◦
Non-life-critical: Devices used for diagnosis and treatment, but not directly involved in life-saving or life-
sustaining functions. Examples: X-ray machine, CT scanner, ultrasound machine
sustaining functions. Examples: X-ray machine, CT scanner, ultrasound machine
◦
Life-critical: Devices directly responsible for health monitoring and the delivery of life support functions.
Examples: infusion pump, patient monitoring and telemetry, defibrillator
Examples: infusion pump, patient monitoring and telemetry, defibrillator
The focus of this guide is on best practices for the identification and classification of clinical devices and methods
available to authenticate these devices to the healthcare network. This guide thus concentrates on the devices
directly involved in the delivery of patient care and services. In addition to the above list of clinical devices, these
endpoints include point-of-care, patient wearable, MRI, surgical, laboratory and diagnostic, nurse-call-system, and
pharmaceutical devices.
available to authenticate these devices to the healthcare network. This guide thus concentrates on the devices
directly involved in the delivery of patient care and services. In addition to the above list of clinical devices, these
endpoints include point-of-care, patient wearable, MRI, surgical, laboratory and diagnostic, nurse-call-system, and
pharmaceutical devices.
Other healthcare IT devices such as network cameras, phones, environmental and building automation units,
physical access control devices, and patient entertainment systems are critical to the overall healthcare operation
but are outside the scope of this document. However, the principles discussed can be applied to the identification
and classification of all devices that connect to the healthcare network.
physical access control devices, and patient entertainment systems are critical to the overall healthcare operation
but are outside the scope of this document. However, the principles discussed can be applied to the identification
and classification of all devices that connect to the healthcare network.
This guide will also review methods to segment medical devices so that they protect data and services. Finally, this
guide will introduce Cisco’s Medical NAC Profile Library along with step-by-step procedures to apply these
healthcare profiles to your Cisco ISE deployment.
guide will introduce Cisco’s Medical NAC Profile Library along with step-by-step procedures to apply these
healthcare profiles to your Cisco ISE deployment.