Frequently Asked Questions

What should be included in system diagrams with regard to cybersecurity risks?

About the Author
Proxima CRO Team
Isabella Schmitt, RAC
Director of Regulatory Affairs
Ms. Schmitt has also served in additional regulatory affairs and clinical research roles in which she contributed to multiple regulatory submissions and clinical affairs projects across a wide range of indications.

System diagrams should be sufficiently detailed to permit an understanding of how the specific device design elements are incorporated into a system-level and holistic picture. Analysis of the entire system is necessary to understand the manufacturer’s threat model and the device within the larger ecosystem.

System diagrams should include:

  • Network, architecture, flow, and state diagrams.
  • The interfaces, components, assets, communication pathways, protocols, and network ports.
  • Authentication mechanisms and controls for each communicating asset or component of the system including web sites, servers, interoperable systems, cloud stores, etc.
  • Users’ roles and level of responsibility if they interact with these assets or communication channels.
  • The cryptographic methods in use, with a description of each method, the type and level of cryptographic key usage, and how keys are used throughout your system (one-time use, key length, the standard employed, symmetric or otherwise, etc.). Descriptions should also include details of cryptographic protection for firmware and software updates.
