Within the US-Admi­nis­tra­ti­on – e.g. Depart­ment of Defen­se, Home­land­Se­cu­ri­ty, Depart­ment of Veterans Affairs, Food and Drug Admin­stra­ti­on, Natio­nal Elec­tri­cal Asso­cia­ti­on – docu­ments have been deve­lo­ped which defi­ne mea­su­res to increase the secu­ri­ty of a pro­duct. For exam­p­le the NEMA stan­dard HN 1–2013: ”Manu­fac­tu­rer Dis­clo­sure State­ment for Medi­cal Device Secu­ri­ty” MDS”, the stan­dard SP 800–53A “Asses­sing Secu­ri­ty and Pri­va­cy Con­trols in Fede­ral Infor­ma­ti­on Sys­tems and Orga­ni­zai­tons Buil­ding Effec­ti­ve Assess­ment Plans” or SP 800–53 “Secu­ri­ty and Pri­va­cy Con­trols for Fede­ral Infor­ma­ti­on Sys­tems and Orga­ni­zai­tons” by the NIST.

Im Umkreis der ame­ri­ka­ni­schen Ver­wal­tung – Depart­ment of Defen­se, Home­land Secu­ri­ty, Depart­ment of Veterans Affairs, Food and Drug Asso­cia­ti­on, Natio­nal Elec­tri­cal Manu­fac­tu­r­ers Asso­cia­ti­on – enstan­de­ne Tex­te defi­nie­ren Maß­nah­men zur Sicher­heit eines Pro­dukts. Etwa der Stan­dard HN 1–2013 der NEMA: „Manu­fac­tu­rer Dis­clo­sure State­ment for Medi­cal Device Secu­ri­ty“ MDS2, die SP 800–53A des NIST: “Asses­sing Secu­ri­ty and Pri­va­cy Con­trols in Fede­ral Infor­ma­ti­on Sys­tems and Orga­niza­ti­ons Buil­ding Effec­ti­ve Assess­ment Plans“ oder SP 800–53 “Secu­ri­ty and Pri­va­cy Con­trol­s­for Fede­ral Infor­ma­ti­on Sys­tems and Orga­niza­ti­ons“. Aus Euro­pa könn­te das ETSI TR 103 305–1 V2.1.1 „Cri­ti­cal Secu­ri­ty Con­trols for Effec­ti­ve Cyber Defence“ genannt werden.