Security Control Implementation

Security controls work best in layers, so implementation starts with defense in depth: no single control should stand between an attacker and patient harm. Pair layered controls with secure-by-design principles like least privilege and fail secure, then apply proven patterns such as secure boot and TLS-protected communication.

3.8.1 Defense in Depth

Don't rely on single security controls. Layer defenses:

Example Layered Approach:

1. Network firewall (perimeter)
2. Device authentication (access)
3. Encryption (data protection)
4. Audit logging (detection)
5. Incident response (recovery)

3.8.2 Secure by Design Principles

Least Privilege: Give minimum necessary access

• Users get only needed functions
• Processes run with minimal rights
• Services have restricted permissions

Fail Secure: Safe behavior during failures

• Device enters safe state on error
• Denies access when uncertain
• Maintains critical functions

Defense in Depth: Multiple security layers

• Don't rely on single control
• Overlapping protections
• Diverse defense mechanisms

Simplicity: Complex = vulnerable

• Minimize attack surface
• Reduce feature creep
• Clear security boundaries

3.8.3 Common Security Patterns

Secure Boot:

• Verify bootloader integrity
• Check kernel signature
• Validate application code
• Establish chain of trust

Secure Communication:

• TLS for network traffic
• Certificate validation
• Perfect forward secrecy
• Protocol downgrade prevention

Access Control:

• Multi-factor authentication
• Role-based permissions
• Session management
• Account lockouts

For how to choose controls from your threat model and trace them for reviewers, see Secure your medical device with cybersecurity controls. For keeping controls usable in clinical workflows, see Balancing security controls with usability in medical devices.