The Aligned Elements OWASP Top 10 Checklist available now
As a medical device manufacturer, you are probably well aware of the increasing focus on cyber security. When developing your device, you are responsible for ensuring that it is safe to use from a cyber security perspective.
I think it is safe to say that the attention placed on cyber security aspects by auditors and national authorities will only increase in the coming years.
The FDA has issued a number of guidelines on how to implement and apply cybersecurity on both a process and a product level. It is up to you as a medical device manufacturer to provide adequate cyber resilience in your products as well as the documentation required to prove it.
Aligned Elements users have for a long time been able to leverage Cyber Security extensions in their Aligned Elements configurations such as the Medical Device Cybersecurity Risk Assessment Templates and the Johner Institute Medical Device IT Security Product Requirements.
We are now happy to add the new OWASP Top 10 Checklist to our library of Cyber Security Extensions.
What is it?
OWASP stands for “Open Web Application Security Project”. It is a non-profit entity with international recognition and focuses on collaboration to strengthen software security around the globe.
OWASP publishes the OWASP Top 10 list, which ranks, and provides remediation guidance for, the top 10 most critical web application security risks.
It draws on the extensive knowledge and experience of OWASP’s open community contributors, and is based on a consensus among security experts from around the world.
The OWASP Top 10 risks are ranked according to the frequency of discovered security defects, the severity of the uncovered vulnerabilities, and the magnitude of their potential impacts.
You can now easily assess and automatically document how well your medical device application stands up against the OWASP Top 10 by applying the Aligned Elements OWASP Top 10 Regulatory Assistant in your Aligned Elements projects.
How does it work?
This Assistant takes the shape of a Checklist where you assess your own medical device against the OWASP Top 10 security risks.
You start out by assessing whether the risk is applicable to your device at all, and if not, provide a qualified answer explaining why this is not the case (auditors reward such qualifications).
If the risk is applicable, you are required to refer to the Aligned Elements Design Control Items that address the risk by selecting them in the UI.
You can compare your risk reduction controls against the known best-practice remediations mentioned in the OWASP Top 10 list.
When the checklist is completed, a Regulatory Assistance item is generated, containing all steps and your provided answers. This information remains stored in Aligned Elements for compliance purposes.
The OWASP Top 10 Regulatory Assistant Checklist is free to all Aligned Elements customers and can be applied to any Aligned Elements Web Server installation.
Note! The OWASP Top 10 Regulatory Assistant Checklist only works in Aligned Elements.