Regulation Learning Center

Regulation Learning Center

  • Secure product development framework (SPDF)
  • Reduce number and severity of vulnerabilities; reduce exploitability
  • Transparency to the user
  • Monitor cybersecurity risks that evolve over time
  • Compliance with the Omnibus Bill
  • Security Risk Management
  • Threat modeling
  • Cybersecurity Risk Assessment
  • Interoperability
  • 3rd party software
  • Software bill of materials (SBOM)
  • CAPA
  • Unresolved anomolies
  • TPLC Security Risk Management
  • Cybersecurity Testing
  • Cybersecurtiy Management Plan
  • Authentication
  • Authorization
  • Cryptography
  • Code integrity
  • Data integrity
  • Execution integrity
  • Confidentiality
  • Event detection and logging
  • Cyber-resiliency
  • Firmware and software updates

Choose article

  • Secure product development framework (SPDF)
  • Reduce number and severity of vulnerabilities; reduce exploitability
  • Transparency to the user
  • Monitor cybersecurity risks that evolve over time
  • Compliance with the Omnibus Bill
  • Security Risk Management
  • Threat modeling
  • Cybersecurity Risk Assessment
  • Interoperability
  • 3rd party software
  • Software bill of materials (SBOM)
  • CAPA
  • Unresolved anomolies
  • TPLC Security Risk Management
  • Cybersecurity Testing
  • Cybersecurtiy Management Plan
  • Authentication
  • Authorization
  • Cryptography
  • Code integrity
  • Data integrity
  • Execution integrity
  • Confidentiality
  • Event detection and logging
  • Cyber-resiliency
  • Firmware and software updates

Secure Product Development Framework (SPDF)

An SPDF is a set of processes that help reduce the number and severity of vulnerabilities in products. It encompasses all aspects of a product’s lifecycle, including development, release, support, and decommission. It can be integrated with existing processes for product and software development, risk management, and the quality system at large.

 

Using an SPDF is one approach to help ensure that the QS regulation is met.

How Sternum Supports It

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Reduce number and severity of vulnerabilities; reduce exploitability

Reduce the number and severity of vulnerabilities and thereby reduce the exploitability of a device and the associated risk of patient harm. Because exploitation of known vulnerabilities or weak cybersecurity controls should be considered reasonably foreseeable failure modes for systems, these factors should be addressed in the device design.
 

How Sternum Supports It

Sternum Embedded Integrity Verification detects and prevents entire classifications of vulnerabilities, even during development, which eliminates the exploitability of these known or unknown vulnerabilities. This is especially true after new vulnerabilities have been published, reducing and sometimes eliminating the need to release urgent patches.

Transparency to the user

It is important for device users to have access to information pertaining to the device’s cybersecurity controls, potential risks, and other relevant information. E.g. user manuals

Monitor cybersecurity risks that evolve over time

Cybersecurity risks evolve over time and as a result, the effectiveness of cybersecurity controls may degrade as new risks, threats, and attack methods emerge. As cybersecurity is part of device safety and effectiveness, cybersecurity controls should take into consideration the intended and actual use environment

How Sternum Supports It

Sternum continuously monitors the device, its components, and network communication. Sternum can detect, prevent, and report the most common attack types. Sternum Anomaly Detection analyzes device data for suspicious and malicious behavior. Sternum generates Alerts in near real-time.

Compliance with the Omnibus Bill

For cyber devices, failure to comply with any requirement under section 524B(b)(2) (relating to ensuring device cybersecurity) is considered a prohibited act

How Sternum Supports It ​

Sternum supports compliance with the Omnibus bill by providing security design controls, post-market surveillance and security risk assessment, and a Runtime SBOM Prioritization solution.

Security Risk Management

The safety and security risks of each device should be assessed within the context of the larger system in which the device operates. In the context of cybersecurity, security risk management processes are critical because, given the evolving nature of cybersecurity threats and risks, no device is, or can be, completely secure. FDA recommends that security risk management processes, as detailed in the QS regulation, be established or incorporated into those that already exist, and should address the manufacturer’s design, manufacturing, and distribution processes, as well as updates across the TPLC.
FDA recommends that device manufacturers conduct both a safety risk assessment and a separate, accompanying security risk assessment to ensure a more comprehensive identification and management of patient safety risks.

How Sternum Supports It ​

Sternum Embedded Integrity Verification detects and prevents entire classifications of vulnerabilities, even during development, which eliminates the exploitability of these known or unknown vulnerabilities. This is especially true after new vulnerabilities have been published, reducing and sometimes eliminating the need to release urgent patches.

Threat modeling

A process for identifying security objectives, risks, and vulnerabilities across the system, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system throughout its lifecycle.

 

FDA recommends that premarket submissions include threat modeling documentation to demonstrate how the medical device system has been analyzed to identify potential security risks that could impact safety and effectiveness.

How Sternum Supports It ​

Threats to device and system Integrity and Availability identified in a threat model can be mitigated by integrating Sternum Embedded Integrity Verification into the device by design.

Cybersecurity Risk Assessment

As a part of security risk management, security risks and controls should be assessed for residual risks as part of a cybersecurity risk assessment. Effective security risk assessments address the fact that cybersecurity-related failures can occur either intentionally or unintentionally.
FDA recommends that manufacturers assess identified risks according to the level of risk posed from the device and the system in which it operates.

How Sternum Supports It ​

Sternum Embedded Integrity Verification detects and prevents entire classifications of vulnerabilities, even during development, which eliminates the exploitability of these known or unknown vulnerabilities. This is especially true after new protected vulnerabilities have been published, reducing and sometimes eliminating the need to release urgent patches. Sternum 

Runtime SBOM Prioritization supports the classification and prioritization of vulnerabilities, enabling manufacturers to optimally allocate their vulnerability management resources towards remediating risks with a higher exploitability potential.

Interoperability

As part of a medical device system, a device may have cybersecurity considerations from interoperable functionality, including but not limited to interfaces with:

  • Other medical devices and accessories;

  • ‘Other functions’ as identified in the FDA’s guidance “Multiple Function Device Products: Policy and Considerations;”

  • Interoperability with healthcare infrastructure (e.g., network, Electronic Medical Records, medical imaging systems); and

  • General purpose computing platform

3rd party software

All software, including that developed by the manufacturer (“proprietary software”) and from 3rd parties should be assessed for cybersecurity risk and that risk should be addressed or otherwise mitigate risks associated with these software components.
Manufacturers must put in place processes and controls to ensure that their suppliers conform to the manufacturer’s requirements

How Sternum Supports It ​

Sternum Embedded Integrity Verification protects both proprietary and third party software. Sternum Prevented Attack Alerts provide investigation data that can be used to determine the vulnerable software component.

Software bill of materials (SBOM)

Submit a software bill of materials, including commercial, open-source, and off-the-shelf software components, including:

  1. The asset(s) where the software component resides;
  2. The software component name;
  3. The software component version;
  4. The software component manufacturer;
  5. The software level of support provided through monitoring and maintenance from the software component manufacturer;
  6. The software component’s end-of-support date; and
  7. Any known vulnerabilities
 

How Sternum Supports It ​

Sternum Runtime SBOM Prioritization supports the classification and prioritization of vulnerabilities, enabling manufacturers to optimally allocate their vulnerability management resources towards remediating risks with a higher exploitability potential.

CAPA

SPDF documentation (e.g., threat modeling) should be used to quickly identify vulnerability impacts once a device is released and to support timely CAPA activities

How Sternum Supports It ​

Sternum continuously monitors the device, its components, and network communication. Sternum can detect, prevent, and report the most common attack types. Sternum Anomaly Detection analyzes device data for suspicious and malicious behavior. Sternum generates Alerts in near real-time. This information can be used to support CAPA assessment and investigation.

Unresolved anomolies

Provide a list of software anomalies (e.g., bugs or defects) that exist in a product at the time of submission. For each of these anomalies, FDA recommends that device manufacturers conduct an assessment of the anomaly’s impact on safety and effectiveness

TPLC Security Risk Management

Manufacturers must identify, assess, and mitigate cybersecurity vulnerabilities as they are identified throughout the supported device lifecycle.
Manufacturers should update their security risk management documentation as new information becomes available, such as when new threats, vulnerabilities, assets, or adverse impacts are discovered during development and after the device is released.
The security risk management report should:

 

  • summarize the risk evaluation methods and processes, detail the security risk assessment, and detail the risk mitigation activities

  • provide traceability between the security risks, controls and the testing reports.

Cybersecurity Testing

Cybersecurity controls require testing beyond standard software verification and validation activities to demonstrate the effectivenessSecurity testing documentation and any associated reports or assessments should be submitted in the premarket submission.

Cybersecurtiy Management Plan

Manufacturers should establish a plan for how they will identify and communicate vulnerabilities that are identified after releasing the device with users. This plan can also support risk management processes and CAPA processes.

Authentication

A system that appropriately accounts for authenticity will evaluate and ensure authenticity for:

 

  1. information at rest (stored);

  2. information in transit (transmitted);

  3. entity authentication of communication endpoints, whether those endpoints consist of software or hardware;

  4. software binaries;

  5. integrity of the execution state of currently running software; and

  6. any other appropriate parts of the system where a manufacturer’s threat model and/or risk analyses reveal the need for it

Authorization

Authorization is the right or permission that is granted to a system entity (e.g., a device, server, or software function) to access a system. Within an adequately designed authorization scheme, the principle of least privileges should be applied.

Cryptography

Cryptographic algorithms and protocols are recommended to be implemented to achieve the secure by design objectives

Code integrity

  1. Authenticate firmware and software. Verify authentication tags (e.g., signatures, message authentication codes (MACs)) of software/firmware content, version numbers, and other metadata. The version numbers intended to be installed should themselves be signed or have MACs. Devices should be electronically and visibly identifiable (e.g., Unique device identifier (UDI), model number, serial number)

  2. Allow installation of cryptographically authenticated firmware and software updates, and do not allow installation where such cryptographic authentication either is absent or fails.

  3. Ensure that the authenticity of software, firmware, and configuration are validated prior to execution e.g., “allow-listing” based on digital signatures;

  4. Disable or otherwise restrict unauthorized access to all test and debug ports (e.g., JTAG, UART) prior to delivering products

  5. Employ tamper evident seals on device enclosures and their sensitive communication ports to help verify physical integrity

  6. Hardware-based security solutions should be considered and employed when possible

Data integrity

  1. Verify the integrity of all incoming data, ensuring that it is not modified in transit or at rest.

  2. Validate that all data originating from external sources is well-formed and compliant with the expected protocol or specification.

  3. Protect the integrity of data necessary to ensure the safety and effectiveness of the device

Execution integrity

  1. Use industry-accepted best practices to maintain and verify integrity of code while it is being executed on the device.

  2. Carefully design and review all code that handles the parsing of external data using automated (e.g., static and dynamic analyses) and manual (i.e., code review) methods.

Confidentiality

Manufacturers should ensure support for the confidentiality of any/all data whose disclosure could lead to patient harm

Event detection and logging

Event detection and logging are critical capabilities that should be present in a device to ensure that suspected and successful attempts to compromise a medical device may be identified and tracked.

How Sternum Supports It

Sternum detects, alerts and prevents attempts to exploit system software vulnerabilities (zero-days) and defers patches. Sternum detects and alerts on suspicious, malicious, and anomalous behavior.

Cyber-resiliency

Devices should be designed to be resilient to possible cybersecurity incident scenarios. Cyber-resiliency capabilities are important for medical devices because they provide a safety margin against unknown future vulnerabilities.

How Sternum Supports It

Recommended System Design Input: Denial of Service Protection: The system shall provide the capability to prevent denial of service attacks.
How Sternum provides it: Sternum detects and alerts on clusters or sequences of events whose pattern indicates an attempt to deny service.

Firmware and software updates

Devices should be capable of being updated in a secure and timely manner to maintain safety and effectiveness throughout the product’s lifecycle. Manufacturers must also plan for the rapid testing, evaluation, and patching of devices deployed in the field.

Looking to learn more? Book a demo with our experts ►►

Lorem ipsum dolor sit amet

Book a demo

Platform

Solutions

Resources

Linkedin Twitter

Company

 
Linkedin Twitter

© Sternum 2024 · All rights reserved

Privacy Policy
| Trademarks and Patents
| Website by ShayAtik