Deep Armor Cybersecurity Services for Healthcare & Medical Devices

Deep Armor offers advanced security services for healthcare & medical devices. Our award-winning cybersecurity approaches have helped many medical companies build and ship secure products. Our solutions include:

Secure Architecture & Design Consultations

Threat Modeling, Vulnerability Assessments & Penetration Testing

US FDA 510(k) Premarket Readiness & CE Mark Security Certifications

Visit our IoMT & Medical Device Security page for more details or email us at services@deeparmor.com

Rubric for Applying CVSS to Medical Devices

The United States Food and Drug Administration (FDA), under its Medical Device Development Tool (MDDT) program, has recently (as of October 20, 2020) qualified a cybersecurity MDDT that includes a series of structured questions to be used along with the Common Vulnerability Scoring System (CVSS) v3.0 to reliably calculate the severity of security vulnerabilities in medical devices and aid in vulnerability disclosure. For more details, see Deep Armor's blog on the Rubric for CVSS and the Official Guidance Document from MITRE.

Deep Armor has developed this online calculator for using the rubric, recording the answers to the extended vector elements, and presenting the CVSS score and vector.

Attack Vector (AV)
Q1 (XAVN)

Q2 (XAVT)

Q3 (XAVW)

Q4 (XAVR)

Q5 (XAVP)

Q5.1 (XAVPA)

Attack Complexity (AC)
Q1 (XACL)
Privileges Required (PR)
Q1 (XPRL)

Q2 (XPRZ)

Q3 (XPRS)
User Interaction (UI)
Q1 (XUI)
Scope
Q1 (XS)
Confidentiality
Integrity
Availability
For any PHI/PII data
Q1.C (XCP)

Q1.1.C (XCPM)
Q1.I (XIP)
Q1.A (XAP)
For any data or functionality related to diagnosis or monitoring
Q2.C (XCD)
Q2.I (XID)
Q2.A (XAD)
For any data or functionality related to the delivery of therapy
Q3.C (XCT)
Q3.I (XIT)
Q3.A (XAT)
For any data or functionality related to clinical workflow
Q4.C (XCW)
Q4.I (XIW)
Q4.A (XAW)
For any data or functionality related to private system or system-user data, e.g. passwords or private keys
Q5.C (XCS)
Q5.I (XIS)
Q5.A (XAS)
For any other kind of critical, sensitive data or functionality
Q6.C (XCO)
Q6.I (XIO)
Q6.A (XAO)