The FDA has made it abundantly clear that it expects medical device manufacturers and other life sciences firms to have strong cybersecurity management programs.

Because the FDA hasn’t always been clear about what it expects at a granular level, the Common Vulnerability Scoring System can provide much-needed guidance.

Common Vulnerability Scoring System (CVSS)

The FDA is directing pharmaceutical and medical device manufacturers to an important document from the non-profit FIRST organization that helps manufacturers identify and prioritize risk. It’s called the Common Vulnerability Scoring System (CVSS) v3.0.

The challenge of cybersecurity for medical device, pharmaceutical and utility companies is great. The solutions are not always so clear. The CVSS is a welcome addition to the discussion.

The Rise of Cybersecurity Risks

“Software, hardware and firmware vulnerabilities pose a critical risk to any organization operating a computer network, and can be difficult to categorize and mitigate,” the CVSS Specification Document notes.

CVSS Contains 3 Metric Groups