CJR Builder — Control Justification Record

First time? Read WALKTHROUGH.md for the conceptual tour. This builder walks you through the same 10 sections as the markdown template — fill in what you know, leave the rest as TBD, and generate a markdown CJR you can drop into your evidence system.

1. Device identification

CJR-ID Status Device name & model Manufacturer Device class Archetype MDS² reference Asset inventory IDs Deployment count STRIDE-HC threat model MDRS score & tier

2. Standard control and constraint

Standard control Constraint type

Constraint detail

3. Threat addressed

3.1 STRIDE-HC categories this constraint exposes

3.2 Threat scenarios (network + physical/insider)

3.3 Initial risk assessment (pre-control)

Likelihood

Severity

Detectability

4. Compensating control(s) selected

4.1 Control description 4.2 Playbook reference 4.3 How the control addresses the threat 4.4 Design principles (Equivalence, Independence, Proportionality, Auditability) 4.5 Implementation references

5. Residual risk evaluation (ISO 14971 cl.8)

5.1 Residual risk after control deployment

Likelihood (residual)

Severity (residual)

Detectability (residual)

5.2 Residual risk acceptability 5.3 Risk acceptance authority

6. Effectiveness rating

High

Equivalent protection to standard control; validated by penetration testing or harness output.

Medium

Partially addresses the threat; residual risk elevated but manageable.

Low

Minimal mitigation; formal risk acceptance per ISO 14971 cl.8 required.

Rating must be validated, not asserted. Cite the test-harness CSV or pentest report below.

7. Normative references

Click to add common references. Reference specific clauses, not whole standards.

8. Approval and review

Author Reviewer — Clinical Eng. Reviewer — InfoSec Approver — CISO Approver — Dir. Clinical Eng. Approval date Effective date Next scheduled review Trigger conditions for early review

9. Linked records

STRIDE-HC threat model MDS² disclosure Vendor security advisories Penetration test report Test harness output Related CJRs

1. Device identification

2. Standard control and constraint

3. Threat addressed

3.1 STRIDE-HC categories this constraint exposes

3.2 Threat scenarios (network + physical/insider)

3.3 Initial risk assessment (pre-control)

Likelihood

Severity

Detectability

4. Compensating control(s) selected

5. Residual risk evaluation (ISO 14971 cl.8)

5.1 Residual risk after control deployment

Likelihood (residual)

Severity (residual)

Detectability (residual)

6. Effectiveness rating

High

Medium

Low

7. Normative references

8. Approval and review

9. Linked records

Preview