The Common Vulnerability Scoring System (CVSS) assists organizations in assessing the severity of vulnerability to determine the urgency and priority of the response. CVSS was developed for enterprise IT systems and does not adequately reflect the clinical environment and potential patient safety issues. To address these challenges, MITRE developed the “Rubric for Applying CVSS to Medical Devices.” The CVSS Rubric consists of a structured set of questions and corresponding decision flow diagrams, along with medical device specific examples and guidance, to help assess a medical device vulnerability in a consistent and standardized way. In October 2020, FDA qualified the CVSS Rubric as a Medical Device Development Tool.
URL to the paper on MITRE.ORG https://www.mitre.org/md-cvss-rubric