IEEE Cybersecurity Certification Programs: Medical Devices Using Common Criteria and IoT Sensors Based on IEEE Cybersecurity Reference Architecture Model (U30b)
The Medical Devices Program has been developed at a fast pace. The methodology, workflow, and stakeholders have made it successful. IEEE will share the lessons learned and a blueprint for adopting Common Criteria. The program is up and running with several products certified. Details are available at: https://standards.ieee.org/products-programs/icap/. The IoT Sensors Program has similar goals but is pursuing a different approach. Product implementers will learn how to make their devices cybersecure and prepare for certification. The details are available in the “IEEE Cybersecurity Testing Framework” paper. The approach is based on mapping relevant cybersecurity requirements to each layer in the IEEE-developed Purdue-based cybersecurity reference architecture model. This systematic approach contrasts with other programs that use an ad-hoc approach to cybersecurity. Any standard, such as Common Criteria, can be used with the referenced architecture model. IEEE chose NIST standards. The second document, a Test Plan, has test cases layer-by-layer that reference the requirements and document the objective, methods, and outcomes of each test case. IEEE will provide the audience with a practical and modern approach to verify that devices are cybersecure.