The Food and Drug Administration (FDA) issued a new set of draft guidelines on Friday in hopes that medical device manufacturers not only address cybersecurity risks before they design products, but also during the maintenance of those products.
The 25-page document recommends manufacturers adopt a cybersecurity risk management program that meets a set of prescribed requirements.
As one of those requirements the agency is encouraging manufacturers to apply benchmarks illustrated in “Framework for Improving Critical Infrastructure Cybersecurity,” a 2014 report (.PDF) published by the National Institute of Standards and Technology, or NIST. That report , which came as a result of Executive Order 13636, advocates a “framework core” set of functions to follow when it comes to managing cybersecurity risk: Identify, protect, detect, respond, and recover.
Full Article