Step 1: identify and protect device assets and functionality

Manufacturers should design trustworthy devices and provide documentation to demonstrate the
trustworthiness of their devices in premarket review. In particular, devices and systems should be designed to protect assets and functionality in order to reduce the risk of multi-patient harm due
to the loss of authenticity, availability, integrity, and confidentiality. Specifically, protection
mechanisms should prevent all unauthorized use (through all interfaces); ensure code, data, and execution integrity (subversion of system functionality/safety/security features); and as
appropriate, protect confidentiality of data (insofar as its release could be leveraged to effect
multi-patient harm. As a part of premarket submissions, manufacturers should submit
documentation demonstrating how these design expectations are met.

Step 2: prevent unauthorized use