Description
FDA published updated guidance on cybersecurity in medical devices. Under Section 524B, cyber device manufacturers must submit cybersecurity plans for postmarket vulnerability monitoring, demonstrate secure design practices, and provide a Software Bill of Materials (SBOM) with all premarket submissions (510(k), PMA, De Novo, HDE).
Requirements
- Develop cybersecurity plan for postmarket vulnerability monitoring
- Demonstrate secure design practices in premarket submissions
- Generate and include SBOM with all submissions
- Implement secure development lifecycle for medical devices
- Document threat modeling and risk assessments
Applicable To
- Cyber device manufacturers
- Medical device companies with connected devices
- Medical software developers
Penalty Information
⚠ FDA may refuse to accept premarket submissions that do not include required cybersecurity information.