Evaluating the Role of Security Assurance Cases in Agile Medical Device Development

Max Fransson, Adam Andersson, Mazen Mohamad, Jan-Philipp Steghöfer

TL;DR

The paper investigates applying Security Assurance Cases (SACs) built with the CASCADE framework to agile medical device development in order to satisfy cybersecurity regulatory requirements. Through a case study at a large medical device vendor (HOOP platform) and stakeholder focus groups, it identifies 17 SAC use cases, demonstrates alignment with major standards (FDA SaMD guidance, MDCG, ISO 14971, ISO 62304, ISO 24791, and NIST 800-30), and shows how CASCADE can be integrated into iterative development through organizational changes such as a security architect role and an extension of the definition of done. It further proposes linking safety to security via the risk assessment matrix, so that safety-related security risks become traceable within the SAC. The findings support practical adoption of SACs in the medical domain while highlighting the need for explicit safety integration and ongoing adaptation to regulatory volatility.

Abstract

Cybersecurity issues in medical devices threaten patient safety and can cause harm if exploited. Standards and regulations therefore require vendors of such devices to provide an assessment of the cybersecurity risks as well as a description of their mitigation. Security assurance cases (SACs) capture these elements as a structured argument. Compiling an SAC requires taking domain-specific regulations and requirements as well as the way of working into account. In this case study, we evaluate CASCADE, an approach for building SACs, in the context of a large medical device manufacturer with an established agile development workflow. We investigate the regulatory context as well as the adaptations needed in the development process. Our results show the suitability of SACs in the medical device industry. We identified 17 use cases in which an SAC supports internal and external needs. The connection to safety assurance can be achieved by incorporating information from the risk assessment matrix into the SAC. Integration into the development process can be achieved by introducing a new role and rules for the design review and the release to production, as well as additional criteria for the definition of done. We also show that SACs built with CASCADE fulfill the requirements of relevant standards in the medical domain such as ISO 14971.

Paper Structure

This paper contains 23 sections, 3 figures, 3 tables.

Figures (3)

  • Figure 1: The structure for the CASCADE approach.
  • Figure 2: The methods used for the case study in chronological order.
  • Figure 3: Overview of the HOOP platform workflow. Triage team approval gates are in blue. The circles indicate suggestions for security-related extensions.