CIS, MDISS and CCS Medical Device Security Benchmark Initiative


In August 2013, the Center for Internet Security (CIS) launched a new initiative to develop the first-ever security control guidelines (benchmarks) for Internet-enabled medical devices and issued a request for information (RFI) to invite participation. CIS has been helping to build consensus on secure configuration settings across a range of information technologies for 13 years, and is bringing this experience to assist manufacturers in developing configuration security benchmarks for their medical devices. Soon after the RFI was issued, CIS identified the Medical Device Innovation, Safety and Security Consortium (MDISS) as an established leader in this space, and MDISS agreed to co-lead the initiative. The Council on CyberSecurity (CCS) came on board as well to co-lead this effort. CCS leads the continued development of and outreach for the Critical Security Controls for Effective Cyber Defense, among its many mission activities.


U.S. medical device manufacturers, healthcare facilities and cyber security experts are invited to join CIS, MDISS and CCS in this voluntary effort to produce clear, implementable, and consensus-based secure configuration guidelines on the controls that should be in place to help minimize risk against cyber attack or compromise.


CIS Medical Device Security Benchmarks Initiative In the News:

The trouble with Electronic Devices - Capital New York

Cybersecurity Tips for Medical Devices - Healthcare Info Security

Boomer Voice: Can Medical Devices be Hacked? - HealthWorksCollective

Are Internet-Enabled Medical Devices Safe from Hackers? - Government Technology

Doctors disabled wireless in Dick Cheney's pacemaker to thwart hacking - Naked Security

Dick Cheney's wireless heart monitor was modified to curb hacking threat - SC Magazine

New Initiative To Develop Medical Device Security Standards - iHealthBeat

New effort eyes benchmarks for medical device security - mHealthNews

Healthcare IT Security Is Difficult, But Not Impossible - CIO

Encrypted heartbeat could secure implanted devices - FierceHealthIT

CIS, AMC partner to develop cybersecurity guidelines for electronic medical devices - TroyRecord

CIS seeks medical device security guidance with RFI - HealthIT Security

CIS Teams with Healthcare Community to Safeguard Internet-enabled Medical Devices - HispanicBusiness

Non-profit to develop security guidelines for Internet-enabled med devices - FierceHealthIT

Pacemakers Under Attack: When the Internet of Things Gets Sick - Silicon ANGLE

Shoring up security of medical devices - SF Gate

Medical Device Makers to Discuss Burgeoning Cyber Threat - Fox Business

Medical Hacking Poses a Terrifying Threat, in Theory - Bloomberg Businessweek


View press release


For more information, or to join this initiative, contact CIS at (518) 266-3460 or email