Blue Goat Cyber logoBlue Goat CyberSMMedical Device Cybersecurity
    K
    Podcast · Episode 29

    What the FDA Wants in Security Architecture Views for Devices

    With MedTech leader - What are the four security architecture views that the FDA prioritizes, and how do they impact your device's design? This episode explores the FDA-defined security architecture views essential for medical device cybersecurity.

    Christian Espinosa, Founder & CEO at Blue Goat Cyber

    By Christian Espinosa, MBA, CISSP

    Founder & CEO · Blue Goat Cyber

    Listen now

    Key takeaways

    • The FDA requires four specific security architecture views for medical device premarket submissions: Global System View, Updateability and Patchability View, Multi-Patient Harm View, and Secure Use Case View.
    • The Global System View defines the entire scope of the device, encompassing hardware, software, mobile apps, cloud components, and update infrastructure.
    • The Updateability and Patchability View details the secure process for delivering software updates and patches throughout the device's lifecycle.
    • The Multi-Patient Harm View analyzes scenarios where a single vulnerability could impact multiple devices or patients.
    • The Secure Use Case View maps security controls to every specific function, state, and operational context of the device.
    • A practical approach to creating Secure Use Case Views is to base them on the device's functional requirements to build security into design.
    • Manufacturers commonly overlook including the update infrastructure in the Global System View and fail to explain the rationale behind their system's architecture.

    What are the four security architecture views that the FDA prioritizes, and how do they impact your device's design?

    This episode explores the FDA-defined security architecture views essential for medical device cybersecurity. Christian and Trevor break down the four views - global system, updatability/patchability, multi-patient harm, and secure use cases - with real-world examples and practical advice.

    Key points:

    (5:25) The Global System View

    • Companion apps and cloud infrastructure must be part of the device scope.

    • Many device manufacturers overlook update infrastructure in this view.

    • Distinguishing in-scope versus out-of-scope components is a common challenge.

    (12:52) Updatability and Patchability

    • Secure update procedures must cover the entire lifecycle.

    • FDA wants manufacturers to consider both infrastructure and delivery integrity.

    • A weak development environment can compromise update trustworthiness.

    (18:21) Multi-Patient Harm Scenarios

    • Risk is based on the scope and scale of potential compromise.

    • Even small devices can cause large-scale issues depending on their connectivity.

    (23:09) Secure Use Case Views and Closing Advice

    • Every device function should have a corresponding security consideration.

    • Functional requirements can guide secure use case documentation.

    Notable quotes

    “The FDA specifically defines security architecture views, and those four views you mentioned, which is very different than a typical architecture diagram for a software or device.”
    - Christian Espinosa
    “The Global System View is going to actually be fairly similar to an architecture view under a traditional software scope. We are looking at what is the total scope of the device, what is each component within the device.”
    - Trevor Slattery
    “A common failure point highlighted is neglecting to include the update infrastructure within this scope.”
    - Trevor Slattery
    “If the FDA wants to see an entire separate view specifically for the update process, instead of lumping it into the Secure Use Case Views, which cover other functionalities and other data flows, it shows how important it is.”
    - Trevor Slattery

    Frequently asked questions

    More episodes

    Ready when you are

    Get FDA cleared without the cybersecurity headaches.

    30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.