Sign up to save your podcasts
Or
Share What the FDA Wants in Security Architecture Views for Devices
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
What the FDA Wants in Security Architecture Views for Devices
What are the four security architecture views that the FDA prioritizes, and how do they impact your device's design?
This episode explores the FDA-defined security architecture views essential for medical device cybersecurity. Christian and Trevor break down the four views—global system, updatability/patchability, multi-patient harm, and secure use cases—with real-world examples and practical advice.
Key points:
(5:25) The Global System View
* Companion apps and cloud infrastructure must be part of the device scope.
* Many device manufacturers overlook update infrastructure in this view.
* Distinguishing in-scope versus out-of-scope components is a common challenge.
(12:52) Updatability and Patchability
* Secure update procedures must cover the entire lifecycle.
* FDA wants manufacturers to consider both infrastructure and delivery integrity.
* A weak development environment can compromise update trustworthiness.
(18:21) Multi-Patient Harm Scenarios
* Risk is based on the scope and scale of potential compromise.
* Even small devices can cause large-scale issues depending on their connectivity.
(23:09) Secure Use Case Views and Closing Advice
* Every device function should have a corresponding security consideration.
* Functional requirements can guide secure use case documentation.
The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com
If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session
Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.
Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber
Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
Feedback? Questions? Contact: https://bluegoatcyber.com/contact/
Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/
Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial
The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.
Subscribe via Spotify: https://spoti.fi/3XX95g0
Subscribe via Apple Podcasts: https://apple.co/483OJ9I
Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts
This episode was produced by Story On Media: https://www.storyon.co/
View all episodes
By Blue Goat CyberWhat are the four security architecture views that the FDA prioritizes, and how do they impact your device's design?
This episode explores the FDA-defined security architecture views essential for medical device cybersecurity. Christian and Trevor break down the four views—global system, updatability/patchability, multi-patient harm, and secure use cases—with real-world examples and practical advice.
Key points:
(5:25) The Global System View
* Companion apps and cloud infrastructure must be part of the device scope.
* Many device manufacturers overlook update infrastructure in this view.
* Distinguishing in-scope versus out-of-scope components is a common challenge.
(12:52) Updatability and Patchability
* Secure update procedures must cover the entire lifecycle.
* FDA wants manufacturers to consider both infrastructure and delivery integrity.
* A weak development environment can compromise update trustworthiness.
(18:21) Multi-Patient Harm Scenarios
* Risk is based on the scope and scale of potential compromise.
* Even small devices can cause large-scale issues depending on their connectivity.
(23:09) Secure Use Case Views and Closing Advice
* Every device function should have a corresponding security consideration.
* Functional requirements can guide secure use case documentation.
The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com
If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session
Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.
Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber
Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
Feedback? Questions? Contact: https://bluegoatcyber.com/contact/
Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/
Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial
The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.
Subscribe via Spotify: https://spoti.fi/3XX95g0
Subscribe via Apple Podcasts: https://apple.co/483OJ9I
Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts
This episode was produced by Story On Media: https://www.storyon.co/