Skip to main content
Library homepage
Engineering LibreTexts

3.7: Using the Assessment Workbook

  • Page ID
  • \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

    Once the MIoT assessment questionnaire is complete its information is then used to compute individual and overall compliance with SP.800-213A Capabilities and Requirements in both numerical and graphic (radar or spider chart) formats (Figure 1). This view allows evaluators to identify areas of weakness or vulnerability and to determine the level of cybersecurity and privacy protection when considering the use of a MIoT device in their network environment.

    ComplianceTableView.jpgFigure 1: Compliance table and spider-view Chart

    A data table and radar1 (aka spider) chart provide tabular and graphical depiction of each Requirement/sub-Requirement value for aggregate compliance. A radar chart is especially useful for a birds-eye view (BEV) of deficiencies as well as highlighting areas which need to be addressed.

    An acceptable compliance level is left to the discretion of the evaluator or organization as there is no published standard (although 75% or better is normally considered acceptable). Acceptable levels, however, can be designated for both individual Requirements/sub-Requirements and aggregate levels.

    Regardless of threshold, compliance provides an organization with an idea of how well a MIoT device under consideration compares to established or recommended industry-standards. It is also used for determining the degree of risk (the MIoT represents) and ultimately whether or not its use is acceptable to a healthcare provider or organization.

    [1] A radar chart compares the values of three or more variables relative to a central point. It’s useful when you cannot directly compare the variables and is efficient for visualizing performance analysis or survey data.

    This page titled 3.7: Using the Assessment Workbook is shared under a CC BY-NC 4.0 license and was authored, remixed, and/or curated by Thomas P. Dover.