FDA Qualified Tools for Cybersecurity

Rubric for Applying CVSS to Medical Devices

Cybersecurity is a growing concern to patients and manufacturers of medical devices. If you are medical device manufacturer with cybersecurity concerns and want to make your medical device more secure, you should consider cybersecurity as part of your risk management.
If you don’t already have an approach that works for you, consider using the ‘RUBRIC FOR APPLYING CVSS [Common Vulnerability Scoring System] TO MEDICAL DEVICES’ published by the MITRE Corporation. You can use this rubric to identify vulnerabilities and their urgency and use this as input into your risk management.
As an added bonus, this tool has been qualified under the Medical Device Development Tools (MDDT) program. Even though the rubric was qualified for post-market vulnerability disclosures, the tool could still be useful during development to avoid any potential problems in advance.
https://www.mitre.org/publications/technical-papers/rubric-for-applying-cvss-to-medical-devices

To find out more about Medical Device Development Tools qualified by the FDA, or to see the qualification summary of the above tool, go to: https://www.fda.gov/medical-devices/science-and-research-medical-devices/medical-device-development-tools-mddt
 
Picture of Haylee Bosshard
Haylee Bosshard
Haylee is the CEO and founder of Conformify and has worked in the medical devices industry for a number of years. Haylee is on a mission to help companies to build effective, light-weight quality and regulatory processes that bring their medical device to market efficiently and with the highest quality.