New Cybersecurity Requirements for Cyber Medical Devices
The way that medical device manufacturers prepare premarket submissions underwent a significant change in 2023, which has affected how cybersecurity is incorporated into the entire medical device lifecycle.
This change came as a result of the Consolidated Appropriations Act (Omnibus Bill), which was signed into law on the 29th of December 2022 and came into effect 90 days later, on the 29th of March 2023.
What Are the Four New FDA Cybersecurity Requirements for Medical Devices?
1. Postmarket Monitoring: Submit a plan to monitor, identify, and address postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures;
2. Device Updates: Design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to the device and related systems to address: on a reasonably justified regular cycle, known unacceptable vulnerabilities; and, as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks;
3. SBOM: Provide a software bill of materials (SBOM);
4. Regulatory Compliance: Ensure compliance with other requirements that the FDA may require through regulation to demonstrate reasonable assurance that the device and related systems are cybersecure.
How SelectEvidence™ Enables You to Meet New FDA Cybersecurity Requirements
Postmarket Monitoring: SelectEvidence™ allows you to automate postmarket cybersecurity monitoring. You can also automate the performance of premarket cybersecurity risk assessments and generate all regulatory and customer reports.
Device Updates: Manage traceability and revision control throughout the medical device lifecycle.
SBOM: Multi-format ingestion of each and every Software Bill of Materials.
Regulatory Compliance: With SelectEvidence™, you can reuse mitigation know-how across your portfolio of risk assessments. This enhances standardization and reduces duplicate analysis.