Standards
The services of VulDB are able to help you address and fulfil your requirements for a wide range of IT and security standards:
International
- Chapter 6.5: Asset Management
- Chapter 6.9.6: Technical Vulnerability Management
- Chapter 8.1.1: Inventory of Assets
- Chapter 8.2: Information Classification
- Chapter 12.1.2: Change Management
- Chapter 12.6: Technical Vulnerability Management
- Chapter 14.2.2: System Change Control Procedures
- Chapter 14.2.8: System Security Testing
- Chapter 15: Information Security in Supplier Relationships
- Chapter 16: Management of Information Security Incidents and Improvements
- Chapter 12: Operations security
- Chapter 14: System acquisition, development and maintenance
- Chapter 16: Information security incident management
- Chapter 5.6: Vulnerability handling process summary
- Chapter 5.7: Information exchange during vulnerability disclosure
- Chapter 5.8: Confidentiality of exchanged information
- Chapter 5.9: Vulnerability advisories
- Chapter 5.10: Vulnerability exploitation
- Chapter 5.11: Vulnerabilities and risk
- Chapter 6: Receiving vulnerability reports
- Chapter 7: Publishing vulnerability advisories
- Chapter 8: Coordination
- Chapter 9: Vulnerability disclosure policy
USA - United States of America
- Chapter 1: Security Risk Analysis
- Chapter 2: Security Risk Evaluation
- Chapter 3: Security Risk Control
- Chapter 4: Evaluation of Overall Security Residual Risk Acceptability
- Chapter 5: Security Risk Management Review
- Chapter 6: Production and Post-Production Activities
- Chapter 3.4: Threat Intelligence Input
- Chapter VI: Medical Device Cybersecurity Risk Management
- Chapter VII: Remediating and Reporting Cybersecurity Vulnerabilities
- Chapter X: Elements of an Effective Postmarket Cybersecurity Program
Australia
Medical device cyber security guidance for industry
- Pre-market Guidance
- Post-market Guidance
EU - European Union
Directive (EU) 2022/2555 NIS2 - Measures for a high common level of cybersecurity across the Union
- Article 11: Requirements, technical capabilities and tasks of CSIRTs
- Article 12: Coordinated vulnerability disclosure and a European vulnerability database
- Article 29: Cybersecurity information-sharing arrangements
- Volume 4: Vulnerability Management
- Chapter 5.3: Keep software updated
Germany
Technical Guideline TR-03185: Secure Software Lifecycle
- Chapter 3.1.5: Patch and Change Management
- Chapter 3.2.3.3: Threat Modeling
- Chapter 3.2.4.1: Patches and Updates
- Chapter 3.2.6: Vulnerability Management
Switzerland
SR 235.11: DSV - Data Protection Ordinance
- Art. 3: Technical and Organisational Measures
Updated: 17.09.2024 by VulDB Documentation Team