Chapter 3: Security by Design · Section 3.8
Security Control Implementation
3.8.1 Defense in Depth
Don't rely on a single security control. Layer defenses so that a failure or bypass of one layer is caught by another:
Example Layered Approach:
- Network firewall (perimeter)
- Device authentication (access)
- Encryption (data protection)
- Audit logging (detection)
- Incident response (recovery)
3.8.2 Secure by Design Principles
Least Privilege: Give minimum necessary access
- Users get only needed functions
- Processes run with minimal rights
- Services have restricted permissions
Fail Secure: Safe behavior during failures
- Device enters safe state on error
- Denies access when uncertain
- Maintains critical functions
Defense in Depth: Multiple security layers
- Don't rely on single control
- Overlapping protections
- Diverse defense mechanisms
Simplicity: Complexity breeds vulnerabilities
- Minimize attack surface
- Reduce feature creep
- Clear security boundaries
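The Fail Secure principle above is easiest to see in code. The following Go program is an added example, not code from this guide; it models a hypothetical infusion pump controller (the pump, its modes, the keep-vein-open rate of 1 mL/h and the policy-store error are all constructed for illustration). `Authorize` treats an error from the policy lookup as "uncertain" and denies rather than allows, and `OnFault` moves the device to a safe state that keeps the critical function running at a fixed rate while refusing configuration changes.

```go
package main

import (
	"errors"
	"fmt"
)

// Decision is the result of an authorization check.
type Decision int

const (
	Deny Decision = iota
	Allow
)

// ErrPolicyUnavailable is a constructed failure: the policy store could not be reached.
var ErrPolicyUnavailable = errors.New("policy store unavailable")

// Authorize is fail-secure. It returns Allow only when the lookup completed and
// answered yes; an error (an unknown answer) collapses to Deny, never to Allow.
func Authorize(lookup func() (bool, error)) Decision {
	allowed, err := lookup()
	if err != nil || !allowed {
		return Deny
	}
	return Allow
}

// Mode is the operating state of a hypothetical infusion pump controller.
type Mode int

const (
	Normal Mode = iota
	Safe // therapy continues at a fixed minimal rate; configuration changes are refused
)

// SafeRateMLH is the keep-vein-open rate used in Safe mode (assumed value, mL/h).
const SafeRateMLH = 1.0

// Pump is a constructed stand-in for a device with a critical function it must maintain.
type Pump struct {
	Mode    Mode
	RateMLH float64
	LastErr error
}

// OnFault moves the pump to the safe state: the critical function (infusion) is kept
// at the safe rate rather than stopped, and the fault is recorded for the audit log.
func (p *Pump) OnFault(err error) {
	p.Mode = Safe
	p.RateMLH = SafeRateMLH
	p.LastErr = err
}

// SetRate is refused unless the pump is in Normal mode.
func (p *Pump) SetRate(mlh float64) error {
	if p.Mode != Normal {
		return fmt.Errorf("rate change refused: pump in safe state (%v)", p.LastErr)
	}
	p.RateMLH = mlh
	return nil
}

func main() {
	// A policy lookup that errors out: a fail-open design would let this through.
	fmt.Println("policy error denied:", Authorize(func() (bool, error) {
		return true, ErrPolicyUnavailable
	}) == Deny)

	p := &Pump{Mode: Normal, RateMLH: 50}
	p.OnFault(errors.New("flow sensor out of range"))
	fmt.Println("safe mode:", p.Mode == Safe, "rate mL/h:", p.RateMLH)
	fmt.Println("set rate while safe:", p.SetRate(100))
}
```

The fail-open counterpart would be `if err != nil { return Allow }` (or ignoring the error altogether); the difference is one line, which is why the rule has to be stated as a design principle and checked in review rather than left to habit.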
3.8.3 Common Security Patterns
Secure Boot:
- Verify bootloader integrity
- Check kernel signature
- Validate application code
- Establish chain of trust
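The four secure-boot steps form one procedure, so here is a single worked example of the chain of trust. It is added for this page and is not code from the guide or from any real bootloader: the images are placeholder byte strings, the keys are generated at build time, Ed25519 is the assumed signature scheme, and the root public key is assumed to be held in ROM or fused OTP rather than in updatable storage. Each stage's signature covers both its image and the public key that will verify the next stage, so neither an image nor a key can be swapped without the previous stage noticing; the first failed check halts the boot before the untrusted stage would execute.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in the boot chain: an image, the public key that will verify the
// next stage, and a signature over both made by the key that verified this stage.
type Stage struct {
	Name      string
	Image     []byte
	NextKey   ed25519.PublicKey // nil for the last stage
	Signature []byte
}

// stageDigest binds the image and the next-stage key together so neither can be swapped.
func stageDigest(image []byte, nextKey ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write(image)
	h.Write(nextKey)
	return h.Sum(nil)
}

// signStage runs at build time with the signing key for this stage.
func signStage(priv ed25519.PrivateKey, s *Stage) {
	s.Signature = ed25519.Sign(priv, stageDigest(s.Image, s.NextKey))
}

// VerifyChain walks the chain starting from the root public key (assumed to live in
// ROM or fused OTP). Each stage is checked with the key vouched for by its predecessor,
// and the first failure halts the boot before the untrusted stage would run.
func VerifyChain(root ed25519.PublicKey, chain []Stage) error {
	key := root
	for i := range chain {
		s := &chain[i]
		if !ed25519.Verify(key, stageDigest(s.Image, s.NextKey), s.Signature) {
			return fmt.Errorf("stage %q: signature invalid, halting boot", s.Name)
		}
		key = s.NextKey
	}
	return nil
}

// BuildChain constructs a three-stage chain (bootloader -> kernel -> application) with
// freshly generated keys; the images are placeholder bytes, not real firmware.
func BuildChain() (ed25519.PublicKey, []Stage, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	kernelPub, kernelPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	appPub, appPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	boot := Stage{Name: "bootloader", Image: []byte("bootloader-image-v1"), NextKey: kernelPub}
	signStage(rootPriv, &boot) // the root key signs the bootloader stage
	kernel := Stage{Name: "kernel", Image: []byte("kernel-image-v1"), NextKey: appPub}
	signStage(kernelPriv, &kernel) // the key carried by the bootloader signs the kernel
	app := Stage{Name: "application", Image: []byte("app-image-v1")}
	signStage(appPriv, &app) // the key carried by the kernel signs the application
	return rootPub, []Stage{boot, kernel, app}, nil
}

func main() {
	root, chain, err := BuildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("intact chain:", VerifyChain(root, chain))
	chain[1].Image[0] ^= 0xff // simulate a corrupted kernel image in flash
	fmt.Println("corrupted kernel:", VerifyChain(root, chain))
}
```

On a real device the verification order matters as much as the math: the bootloader must verify the kernel image before jumping to it, not after, and the root key used at the first step must not be replaceable by the same update path that replaces the images it vouches for.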
Secure Communication:
- TLS for network traffic
- Certificate validation
- Perfect forward secrecy
- Protocol downgrade prevention
Access Control:
- Multi-factor authentication
- Role-based permissions
- Session management
- Account lockouts
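The four access-control items above fit together in one small component, shown here as an added Go example that is not code from the guide. Everything in it is constructed for illustration: the permission and role names, the lockout policy (5 failures, 15-minute lockout), the 30-minute session lifetime, and the `otpOK` flag standing in for whatever second-factor verifier the device uses. Permissions are granted per role with deny as the default, failed logins count toward a lockout, unknown users and wrong secrets return the same error, and a session stops granting anything once it expires.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// Permission names, roles, and the policy numbers below are constructed for this example.
type Permission string
const (
	ViewTelemetry  Permission = "telemetry:view"
	ChangeTherapy  Permission = "therapy:change"
	UpdateFirmware Permission = "firmware:update"
)

// rolePerms maps each role to what it may do; an unlisted role gets nothing (deny by default).
var rolePerms = map[string][]Permission{
	"nurse":     {ViewTelemetry},
	"clinician": {ViewTelemetry, ChangeTherapy},
	"service":   {ViewTelemetry, UpdateFirmware},
}

const (
	MaxFailures   = 5 // failed logins before the account locks
	LockoutPeriod = 15 * time.Minute
	SessionTTL    = 30 * time.Minute
)

var ErrLocked, ErrBadCredentials = errors.New("account locked"), errors.New("invalid credentials")

type account struct {
	role       string
	secret     string // a real device stores a salted hash, never the secret itself
	failures   int
	lockedTill time.Time
}

// Session is issued on a successful login and expires after SessionTTL.
type Session struct {
	Role    string
	Expires time.Time
}
// AccessController keeps accounts and takes an injectable clock so lockout and expiry are testable.
type AccessController struct {
	accounts map[string]*account
	now      func() time.Time
}

func NewAccessController(now func() time.Time) *AccessController {
	return &AccessController{accounts: map[string]*account{}, now: now}
}

func (ac *AccessController) AddUser(name, role, secret string) {
	ac.accounts[name] = &account{role: role, secret: secret}
}

// Login checks the secret and the second factor (otpOK is the result of an OTP or token check
// done elsewhere) and locks the account after MaxFailures; unknown users get the same error.
func (ac *AccessController) Login(user, secret string, otpOK bool) (*Session, error) {
	now := ac.now()
	a, ok := ac.accounts[user]
	if !ok {
		return nil, ErrBadCredentials
	}
	if now.Before(a.lockedTill) {
		return nil, ErrLocked
	}
	if subtle.ConstantTimeCompare([]byte(secret), []byte(a.secret)) != 1 || !otpOK {
		a.failures++
		if a.failures >= MaxFailures {
			a.lockedTill, a.failures = now.Add(LockoutPeriod), 0
		}
		return nil, ErrBadCredentials
	}
	a.failures = 0
	return &Session{Role: a.role, Expires: now.Add(SessionTTL)}, nil
}

// Allowed grants a permission only for a live, unexpired session whose role holds it.
func (ac *AccessController) Allowed(s *Session, p Permission) bool {
	if s == nil || !ac.now().Before(s.Expires) {
		return false
	}
	for _, held := range rolePerms[s.Role] {
		if held == p {
			return true
		}
	}
	return false
}

func main() {
	ac := NewAccessController(time.Now)
	ac.AddUser("alice", "clinician", "correct-horse")
	s, err := ac.Login("alice", "correct-horse", true)
	fmt.Println(err, ac.Allowed(s, ChangeTherapy), ac.Allowed(s, UpdateFirmware))
}
```

The injectable clock is what makes the lockout and session-expiry paths testable without waiting; the same hook is useful on a device whose real-time clock may be unset or adjustable, since the lockout window should not be defeated by changing the time.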