The IEEE Medical Device Cybersecurity Certification Program has been developed by the IEEE 2621 Conformity Assessment Committee (CAC), composed of stakeholders such as manufacturers, clinicians, FDA, test laboratories, cybersecurity solution providers, and industry associations from around the world.
IEEE 2621 series of standards currently cover certification of wireless diabetes devices such as:
- blood glucose monitors (BGM),
- continuous glucose monitors (CGM),
- insulin pumps, smart insulin pens, and
- automated insulin dosing systems (AID).
atsec is an IEEE authorized laboratory to provide medical device evaluation at the Basic-Enhanced Assurance Package and Moderate Assurance Package.
For Basic-Enhanced Assurance Package and Moderate Assurance Package:
- The manufacturer submits representative product samples to an authorized test laboratory
- The manufacturer applies for certification to the Certification Body (CB)
- The authorized laboratory conducts security requirement analysis as well as vulnerability and penetration testing
- The authorized laboratory sends the Evaluation Technical Report (ETR) to the CB
- The CB reviews all submitted reports and makes decision on certification
Evaluation Activities IEEE 2621
atsec’s IEEE 2621 portfolio encompasses the following services:
- Readiness assessment to help the manufacturer estimate the level of effort that will be required to successfully comply with IEEE 2621
- Development of the Security Target
- Product evaluation: security requirement analysis and vulnerability and penetration testing