In late 2018, the FDA released a new guidance entitled Content of Premarket Submission for Management of Cybersecurity in Medical Devices. Satisfying the requirements outlined in the FDA premarket cybersecurity guidance not only helps ensure the development of safe and secure medical devices, but also increases the likelihood of your device meeting FDA clearance. Sternum’s top priority is ensuring the security of embedded devices. We are proud to share some of the ways in which our technology meet the key requirements outlined in the new FDA guidance.
FDA Cybersecurity Guidance
Documentation demonstrating trustworthiness—
"documentation related to design controls, and specifically design validation, software validation and risk analysis…"
✓ Sternum provides documentation that outlines possible threats and how Sternum’s technology mitigates them. The analysis and documentation help manufacturers demonstrate the trustworthiness of their devices, and makes it easier to assess the device’s safety with respect to cyber security.
Verify the integrity of all incoming data—
"ensuring it is not modified in transit or at rest, and it is well-formed/compliant with the expected protocol/specification."
✓ Sternum EIV ensures the integrity of the device’s memory and prevents any real-time protocol exploitation. This means that modified data, malformed or malicious data will be detected and any attack attempt through malformed incoming data will be mitigated.
"Where feasible, use industry-accepted best practices to maintain/verify integrity of code while it is being executed on the device."
✓ Sternum EIV Embedded Integrity Verification ensures the integrity of the execution flow and is applied to the device automatically, allowing you to maintain the execution integrity on both pre-market as well as post-market devices.
Detect, Respond, Recover: Design Expectations—
"Appropriate design should anticipate the need to detect and respond to dynamic cyber security risks, including the need for deployment of cyber security routine updates and patches as well as emergency workarounds."
✓ By embedding EIV into the device, you gain the ability to detect and prevent cyber security threats in real-time. In addition to preventing cyber security attacks, EIV enables you to dynamically respond to different threats. EIV notifies you of different cyber security incidents.
Design the Device to Recover Capabilities—
“Implement device features that protect critical functionality and data, even when the device’s cyber security has been compromised.”
✓ Sternum's multi-layer end-point protection makes it possible to protect the critical components of the device even when other components have been exploited. For more information about this unique capability, please contact us.