You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This repository will address the FDA's pre-market and post-market cybersecurity guidances. The goal is to develop secure and safe medical devices. More specifically, I will be focusing on
a) Security Verification and Validation
Basic Security Controls Test cases
FIPS 140-2/140-3 Test Cases
ATO/STIG Standards
b) Security Engineering and Architecture
Security Architecture Diagrams
Global System View
Single Patient Harm View
Multi Patient Harm View
Security Use Case View
Updateability and Patchability View
c) Threat Modeling
Security Requirements and Considerations:
Secure Product Development Framework (SPDF): A framework focusing on reducing vulnerabilities and ensuring cybersecurity throughout the device lifecycle, from design to decommissioning.
Designing for Security: Incorporating cybersecurity into the device design, considering factors like intended use, data interfaces, environment of use, and associated risks.
Threat Modeling: Identifying potential cybersecurity threats throughout the device system and its lifecycle.
Cybersecurity Risk Assessment: Assessing security risks and controls, including those identified in the threat model, to determine mitigation strategies.
Interoperability Considerations: Evaluating cybersecurity risks associated with the device's ability to connect and interact with other systems.
Third-Party Software Components: Documenting and mitigating risks associated with using third-party software.
Software Bill of Materials (SBOM): Providing a comprehensive inventory of software components used in the device.
Security Assessment of Unresolved Anomalies: Evaluating the security implications of software anomalies or vulnerabilities discovered during development or testing.
Total Product Lifecycle (TPLC) Security Risk Management: Managing cybersecurity risks throughout the entire device lifecycle, including post-market updates.
Implementation of Security Controls: Implementing robust security controls like authentication, authorization, cryptography, and data integrity.
Cybersecurity Testing: Conducting comprehensive testing, including vulnerability testing and penetration testing, to validate the effectiveness of security controls.