FDA Shares Premarket Requirements for Device Cybersecurity in Final Guidance

September 28, 2023

The frequent electronic exchange of health data through wireless, internet and networks along with the cybersecurity threats and vulnerabilities is driver for an FDA final guidance making recommendations for cybersecurity information to be submitted with premarket applications to CDRH and CBER.

This 57-page guidance replaces “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” issued in 2014, because, the agency says in the guidance, “the rapidly evolving landscape, an increased understanding of emerging threats, and the need for capable deployment of mitigations throughout the total product lifecycle warrants an updated, iterative approach to device cybersecurity.”

General principles are included in the guidance, intended to “have a positive impact on the safety and effectiveness of the device.” Cybersecurity is part of device safety and quality system regulation, should be integral to design, should be transparent as to risks and vulnerabilities, and should be documented in the submission, the guidance explains.

Read the final guidance here.

To read the full story, click here to subscribe.

Related Topics