Medical Device Security Benchmarks Initiative

Medical devices and the systems they rely on have become so interconnected and mobile that they must be protected from the ever-increasing volume of cyber threats, both to preserve the confidentiality of patient information and to safeguard patient safety.

In recognition of the growing security concerns about network-connected medical devices, CIS launched an initiative in 2013 to help bolster the protection of these devices and the IT systems they rely on.  

CIS co-leads the effort with the Medical Device Innovation, Safety and Security Consortium (MDISS) and is working collaboratively with a number of public and private sector partners to develop well-defined security baselines that help further strengthen defenses against cyber attack.


CIS and MDISS Launch Security Benchmark Mapping Guidance NEW!

The first set of resources developed through the joint initiative is a set of new security recommendations that align the industry-recognized, consensus-based secure configuration best practices developed by CIS with the Security Capabilities included in a Technical Report (IEC/TR 80001-2-2) within International Electrotechnical Commission (IEC) 80001-1, a global standard for performing risk management of IT networks that include medical devices.

The configuration guidelines, which were developed in collaboration with healthcare providers, manufacturers, cyber security experts and government entities, specifically apply to those devices that incorporate Microsoft Windows 7 and XP operating systems, which are commonly used for healthcare device systems.

NEW! CIS Microsoft Windows 7 Benchmark v2.1.0 Recommendations Mapped to IEC/TR 80001-2-2 Security Capabilities

NEW! CIS Microsoft Windows XP Benchmark v3.1.0 Recommendations Mapped to IEC/TR 80001-2-2 Security Capabilities

We welcome additional feedback and recommendations on improving these resources and suggestions on creating similar guidelines:

Join the Initiative

U.S. medical device manufacturers, healthcare facilities and cyber security experts are invited to join CIS, MDISS and their partners in this voluntary effort to produce clear, implementable, and consensus-based secure configuration guidelines on the controls that should be in place to help minimize risk against cyber attack or compromise. Contact CIS at (518) 266-3460 or email

Initiative Partners

  • Council on Cyber Security (CCS)
  • Albany Medical Center (AMC)
  • College of Healthcare Information Management Executives (CHIME)
  • National Health ISAC (NH-ISAC)
  • Association for the Advancement of Medical Instrumentation (AAMI)
  • Underwriters Laboratories (UL)
  • Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)


CIS Medical Device Security Benchmarks Initiative In the News:

For more information, or to join this initiative, contact CIS at (518) 266-3460 or email