Regulation Learning Center
- Secure product development framework (SPDF)
- Reduce number and severity of vulnerabilities; reduce exploitability
- Transparency to the user
- Monitor cybersecurity risks that evolve over time
- Compliance with the Omnibus Bill
- Security Risk Management
- Threat modeling
- Cybersecurity Risk Assessment
- Interoperability
- 3rd party software
- Software bill of materials (SBOM)
- CAPA
- Unresolved anomolies
- TPLC Security Risk Management
- Cybersecurity Testing
- Cybersecurtiy Management Plan
- Authentication
- Authorization
- Cryptography
- Code integrity
- Data integrity
- Execution integrity
- Confidentiality
- Event detection and logging
- Cyber-resiliency
- Firmware and software updates
Choose article
- Secure product development framework (SPDF)
- Reduce number and severity of vulnerabilities; reduce exploitability
- Transparency to the user
- Monitor cybersecurity risks that evolve over time
- Compliance with the Omnibus Bill
- Security Risk Management
- Threat modeling
- Cybersecurity Risk Assessment
- Interoperability
- 3rd party software
- Software bill of materials (SBOM)
- CAPA
- Unresolved anomolies
- TPLC Security Risk Management
- Cybersecurity Testing
- Cybersecurtiy Management Plan
- Authentication
- Authorization
- Cryptography
- Code integrity
- Data integrity
- Execution integrity
- Confidentiality
- Event detection and logging
- Cyber-resiliency
- Firmware and software updates
Secure Product Development Framework (SPDF)
An SPDF is a set of processes that help reduce the number and severity of vulnerabilities in products. It encompasses all aspects of a product’s lifecycle, including development, release, support, and decommission. It can be integrated with existing processes for product and software development, risk management, and the quality system at large.
Using an SPDF is one approach to help ensure that the QS regulation is met.
How Sternum Supports It
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
Reduce number and severity of vulnerabilities; reduce exploitability
How Sternum Supports It
Sternum Embedded Integrity Verification detects and prevents entire classifications of vulnerabilities, even during development, which eliminates the exploitability of these known or unknown vulnerabilities. This is especially true after new vulnerabilities have been published, reducing and sometimes eliminating the need to release urgent patches.
Transparency to the user
Monitor cybersecurity risks that evolve over time
How Sternum Supports It
Sternum continuously monitors the device, its components, and network communication. Sternum can detect, prevent, and report the most common attack types. Sternum Anomaly Detection analyzes device data for suspicious and malicious behavior. Sternum generates Alerts in near real-time.
Compliance with the Omnibus Bill
How Sternum Supports It
Sternum supports compliance with the Omnibus bill by providing security design controls, post-market surveillance and security risk assessment, and a Runtime SBOM Prioritization solution.
Security Risk Management
The safety and security risks of each device should be assessed within the context of the larger system in which the device operates. In the context of cybersecurity, security risk management processes are critical because, given the evolving nature of cybersecurity threats and risks, no device is, or can be, completely secure. FDA recommends that security risk management processes, as detailed in the QS regulation, be established or incorporated into those that already exist, and should address the manufacturer’s design, manufacturing, and distribution processes, as well as updates across the TPLC.
FDA recommends that device manufacturers conduct both a safety risk assessment and a separate, accompanying security risk assessment to ensure a more comprehensive identification and management of patient safety risks.
How Sternum Supports It
Sternum Embedded Integrity Verification detects and prevents entire classifications of vulnerabilities, even during development, which eliminates the exploitability of these known or unknown vulnerabilities. This is especially true after new vulnerabilities have been published, reducing and sometimes eliminating the need to release urgent patches.
Threat modeling
A process for identifying security objectives, risks, and vulnerabilities across the system, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system throughout its lifecycle.
FDA recommends that premarket submissions include threat modeling documentation to demonstrate how the medical device system has been analyzed to identify potential security risks that could impact safety and effectiveness.
How Sternum Supports It
Threats to device and system Integrity and Availability identified in a threat model can be mitigated by integrating Sternum Embedded Integrity Verification into the device by design.
Cybersecurity Risk Assessment
As a part of security risk management, security risks and controls should be assessed for residual risks as part of a cybersecurity risk assessment. Effective security risk assessments address the fact that cybersecurity-related failures can occur either intentionally or unintentionally.
FDA recommends that manufacturers assess identified risks according to the level of risk posed from the device and the system in which it operates.
How Sternum Supports It
Sternum Embedded Integrity Verification detects and prevents entire classifications of vulnerabilities, even during development, which eliminates the exploitability of these known or unknown vulnerabilities. This is especially true after new protected vulnerabilities have been published, reducing and sometimes eliminating the need to release urgent patches. Sternum
Runtime SBOM Prioritization supports the classification and prioritization of vulnerabilities, enabling manufacturers to optimally allocate their vulnerability management resources towards remediating risks with a higher exploitability potential.
Interoperability
As part of a medical device system, a device may have cybersecurity considerations from interoperable functionality, including but not limited to interfaces with:
- Other medical devices and accessories;
- ‘Other functions’ as identified in the FDA’s guidance “Multiple Function Device Products: Policy and Considerations;”
- Interoperability with healthcare infrastructure (e.g., network, Electronic Medical Records, medical imaging systems); and
- General purpose computing platform
3rd party software
All software, including that developed by the manufacturer (“proprietary software”) and from 3rd parties should be assessed for cybersecurity risk and that risk should be addressed or otherwise mitigate risks associated with these software components.
Manufacturers must put in place processes and controls to ensure that their suppliers conform to the manufacturer’s requirements
How Sternum Supports It
Sternum Embedded Integrity Verification protects both proprietary and third party software. Sternum Prevented Attack Alerts provide investigation data that can be used to determine the vulnerable software component.
Software bill of materials (SBOM)
Submit a software bill of materials, including commercial, open-source, and off-the-shelf software components, including:
- The asset(s) where the software component resides;
- The software component name;
- The software component version;
- The software component manufacturer;
- The software level of support provided through monitoring and maintenance from the software component manufacturer;
- The software component’s end-of-support date; and
- Any known vulnerabilities
How Sternum Supports It
Sternum Runtime SBOM Prioritization supports the classification and prioritization of vulnerabilities, enabling manufacturers to optimally allocate their vulnerability management resources towards remediating risks with a higher exploitability potential.
CAPA
How Sternum Supports It
Sternum continuously monitors the device, its components, and network communication. Sternum can detect, prevent, and report the most common attack types. Sternum Anomaly Detection analyzes device data for suspicious and malicious behavior. Sternum generates Alerts in near real-time. This information can be used to support CAPA assessment and investigation.
Unresolved anomolies
TPLC Security Risk Management
Manufacturers must identify, assess, and mitigate cybersecurity vulnerabilities as they are identified throughout the supported device lifecycle.
Manufacturers should update their security risk management documentation as new information becomes available, such as when new threats, vulnerabilities, assets, or adverse impacts are discovered during development and after the device is released.
The security risk management report should:
- summarize the risk evaluation methods and processes, detail the security risk assessment, and detail the risk mitigation activities
- provide traceability between the security risks, controls and the testing reports.
Cybersecurity Testing
Cybersecurity controls require testing beyond standard software verification and validation activities to demonstrate the effectivenessSecurity testing documentation and any associated reports or assessments should be submitted in the premarket submission.
Cybersecurtiy Management Plan
Authentication
A system that appropriately accounts for authenticity will evaluate and ensure authenticity for:
- information at rest (stored);
- information in transit (transmitted);
- entity authentication of communication endpoints, whether those endpoints consist of software or hardware;
- software binaries;
- integrity of the execution state of currently running software; and
- any other appropriate parts of the system where a manufacturer’s threat model and/or risk analyses reveal the need for it
Authorization
Cryptography
Code integrity
- Authenticate firmware and software. Verify authentication tags (e.g., signatures, message authentication codes (MACs)) of software/firmware content, version numbers, and other metadata. The version numbers intended to be installed should themselves be signed or have MACs. Devices should be electronically and visibly identifiable (e.g., Unique device identifier (UDI), model number, serial number)
- Allow installation of cryptographically authenticated firmware and software updates, and do not allow installation where such cryptographic authentication either is absent or fails.
- Ensure that the authenticity of software, firmware, and configuration are validated prior to execution e.g., “allow-listing” based on digital signatures;
- Disable or otherwise restrict unauthorized access to all test and debug ports (e.g., JTAG, UART) prior to delivering products
- Employ tamper evident seals on device enclosures and their sensitive communication ports to help verify physical integrity
- Hardware-based security solutions should be considered and employed when possible
Data integrity
- Verify the integrity of all incoming data, ensuring that it is not modified in transit or at rest.
- Validate that all data originating from external sources is well-formed and compliant with the expected protocol or specification.
- Protect the integrity of data necessary to ensure the safety and effectiveness of the device
Execution integrity
- Use industry-accepted best practices to maintain and verify integrity of code while it is being executed on the device.
- Carefully design and review all code that handles the parsing of external data using automated (e.g., static and dynamic analyses) and manual (i.e., code review) methods.
Confidentiality
Event detection and logging
How Sternum Supports It
Cyber-resiliency
How Sternum Supports It
Recommended System Design Input: Denial of Service Protection: The system shall provide the capability to prevent denial of service attacks.
How Sternum provides it: Sternum detects and alerts on clusters or sequences of events whose pattern indicates an attempt to deny service.