
definition videos

ISAOs (Information Sharing and Analysis Organizations) are employed for the purpose of:

  • Gathering and analyzing critical cyber and related information in order to better understand security problems and interdependencies related to cyber systems

  • Communicating or disclosing critical cyber and related information to help prevent, detect, mitigate, or recover from the effects of an interference, compromise, or incapacitation problem related to cyber systems

  • Voluntarily disseminating critical cyber and related information to its members; federal, state, and local governments; or any other entities that may be of assistance in carrying out the purposes specified above

Coordinated vulnerability disclosure is:

  • A process established by an organization for receiving vulnerability reports from outside researchers and coordinating remediation and eventual public disclosure with the reporter.

  • The policy and intake instructions are typically published on the organization's website.

  • Intake is sometimes by email, usually to a dedicated security contact address.

  • MedISAO has an easy-to-use CVD form that members can take advantage of.

The Traffic Light Protocol (TLP) is a quick way of communicating how widely sensitive information may be shared. It uses a traffic light as a metaphor. The ratings are:

  • TLP:RED : Information should not be shared outside the participants of the current communication.

  • TLP:AMBER : Limited disclosure. Recipients may share the information on a need-to-know basis within their own organization and with clients or partners who need it to protect themselves; the source may specify tighter limits.

  • TLP:GREEN : Information can be shared widely within the community, but should not be publicly posted or broadcast.

  • TLP:WHITE : Information can be shared freely, subject only to normal copyright rules. (TLP version 2.0, published by FIRST in 2022, renamed this label TLP:CLEAR and added TLP:AMBER+STRICT for sharing restricted to the recipient's own organization.)

Urgent/11 is a set of eleven vulnerabilities, disclosed by Armis in 2019, in the IPnet TCP/IP stack used by VxWorks and other real-time operating systems that are heavily used in medical device design. For more information and an up-to-date list of affected operating systems, see the FDA post at this link

A Software Bill of Materials (SBOM) is a list of all of the open source and commercial components used in a device, with their versions. This can include math libraries, networking stacks and the operating system. For more information on how to easily generate an SBOM go to

AAMI TIR57 is a technical information report on cybersecurity risk management during the design of medical devices, published by the Association for the Advancement of Medical Instrumentation. It is recognized as a consensus standard by the FDA.

How can I detect whether my medical device is vulnerable to Urgent/11? The easiest way is with a software bill of materials (SBOM): check whether the device's operating system or networking stack appears on the affected list at an affected version. If you don't have an SBOM for your device, Armis has released an open source scanner in Python that tests specifically for Urgent/11. It can be found at this link.
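The SBOM check described above, for both the SBOM definition and the Urgent/11 question, as an added example that is not MedISAO's or Armis's own tooling. The SBOM is a constructed CycloneDX-style JSON document for an imaginary device, and the AFFECTED table is a placeholder: its product names and version ranges are assumptions for illustration and must be filled in from the FDA and Armis advisories before the script is used for a real assessment.

```python
"""Match SBOM components against an advisory's affected-version table.

Added example, not code from the page or from MedISAO/Armis. The SBOM below
is constructed, and the AFFECTED ranges are assumed placeholders.
"""
import json

# Constructed sample SBOM in CycloneDX JSON layout (not a real device).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "operating-system", "name": "VxWorks", "version": "6.9.4"},
        {"type": "library", "name": "IPnet", "version": "7.3"},
        {"type": "library", "name": "libm", "version": "2.31"},
        {"type": "library", "name": "openssl", "version": "1.1.1k"},
    ],
})

# Placeholder advisory table (ASSUMED values): lower-cased component name ->
# list of (first_affected, first_fixed) version tuples, half-open ranges.
# Replace with the ranges published in the FDA / Armis Urgent/11 advisories.
AFFECTED = {
    "vxworks": [((6, 5), (6, 9, 4, 12)), ((7, 0), (7, 0, 610))],
    "ipnet": [((0,), (99,))],  # any version counts until the vendor confirms a fix
}


def parse_version(text):
    """Turn '6.9.4' into a comparable tuple (6, 9, 4); non-numeric pieces become 0."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def in_range(version, first_affected, first_fixed):
    """True when first_affected <= version < first_fixed (tuple comparison)."""
    return first_affected <= version < first_fixed


def find_affected(sbom_json, affected=AFFECTED):
    """Return [(name, version)] for SBOM components inside an affected range."""
    sbom = json.loads(sbom_json)
    hits = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "").lower()
        if name not in affected:
            continue
        raw_version = comp.get("version", "0")
        version = parse_version(raw_version)
        for first_affected, first_fixed in affected[name]:
            if in_range(version, first_affected, first_fixed):
                hits.append((comp["name"], raw_version))
                break
    return hits


if __name__ == "__main__":
    hits = find_affected(SAMPLE_SBOM)
    if not hits:
        print("No components in the affected table were found in the SBOM.")
    for name, version in hits:
        print(f"AFFECTED: {name} {version}")
```

The check is only as good as the SBOM: a component that is statically linked into firmware but omitted from the SBOM will never be flagged, which is why the page recommends the network scanner when no SBOM exists.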
