close search bar

Sorry, not available in this language yet

close language selection

AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices

Synopsys Editorial Team

Sep 24, 2016 / 1 min read

The FDA has formally recognized AAMI TIR57 “Principles for medical device security – Risk management” as a cybersecurity standard for medical devices.

It took a few years to make it happen, but the AAMI TIR57 Principles for medical device security – Risk management standard was finally published by AAMI this summer, and the FDA formally recognized it as a foundational standard less than a month after it came out.

It really is no surprise that the FDA recognized it, since FDA staff members contributed to the standard. I too had the pleasure of participating in the working group, which included a wide range of members from the healthcare community, including device manufacturers, regulators, as well as consultants specializing in medical device security.

The group was chaired by Ken Hoyme, who began chairing the working group soon after leaving Boston Scientific’s implantable cardiac device division (what was once known as Guidant), and joining the consulting team at Adventium. Kevin Fu, arguably the first person to ever publish a “hack” of a medical device, co-chaired the group.

Although most of the guidance in TIR57 is high level, it is well structured and outlines a good process for risk management. It is largely based on application of ANSI/AAMI/ISO 14971 risk management principles to the medical device space.

While this is the first AAMI document from this working group, the work is not completed. The intention of the working group is to create additional work products to assist the medical device community and regulators in addressing medical device security. The next body of work the group intends to tackle is creating a product that can assist the medical device industry in applying the upcoming FDA post market surveillance guidance. I look forward to the challenge, as I believe standards are indeed a good thing where cybersecurity is a concern. At a minimum, standards establish a level playing field.

Congratulations to the entire team for a job well done.

Mike Ahmadi is a former director of critical systems security at Synopsys.

Continue Reading

Top 10 free pen tester tools

Top 10 free pen tester tools

Natalie Lightner
By Natalie Lightner

Apr 11, 2024 / 5 min read

Tags: Software Integrity, Security News & Trends, Pen Testing, Web AppSec, Manage Security Risks
Introducing fAST Dynamic: Streamlining dynamic application security testing

Introducing fAST Dynamic: Streamlining dynamic application security testing

Vishrut Iyengar
By Vishrut Iyengar

Mar 19, 2024 / 3 min read

Tags: DAST, Software Integrity, Security News & Trends, Build Security into DevOps
CVE-2017-5638: The Apache Struts vulnerability explained

CVE-2017-5638: The Apache Struts vulnerability explained

Fred Bals
By Fred Bals

Mar 16, 2024 / 3 min read

Tags: Software Integrity, Security News & Trends, Secure the Software Supply Chain

Explore Topics

Agile, CI/CD
AppSec Best Practices
Artificial Intelligence
Automotive
Build Security into DevOps
Cloud Security
Compliance
Container Security
CyRC
DevSecOps
DAST
Financial Services
Fuzzing
Healthcare
IAST
Internet of Things
M&A
Manage Security Risks
Medical Devices
Mobile
Orchestration & Correlation
OSS License Compliance
Pen Testing
Program Strategy & Planning
Public Sector
SAST
SCA
Secure the Software Supply Chain
Security News & Trends
Threat Modeling
Threat & Risk Assessment
Training
Web Application Security