The U.S. Food and Drug Administration published a draft guidance document on March 13, 2024, of Select Updates for the Premarket Cybersecurity Guidance: Section 524B of the FD&C Act. FDA intends to incorporate the updates proposed in this draft guidance into the Premarket Cybersecurity Guidance as one final guidance document after obtaining and considering public comment on these proposed select updates.
The contents of the draft Premarket Cybersecurity Guidance Update is below:
1. Cyber Devices
(1) includes software validated, installed, or authorized by the sponsor as a device or in a device
(2) ability to connect to the internet
(3) contains any such technological characteristics validated, installed, or authorized by the sponsor that could be vulnerable to the cybersecurity threats
Any modifications to medical devices that meet the definition of a cyber device necessitate compliance with specified cybersecurity requirements.
※ Modifications that could influence the cyber security
: Include updates to authentication mechanisms, encryption algorithms, connectivity features, or the software update process.
※ Changes unlikely to affect cyber security
: material alterations or changes in sterilization methods
2. Documentation Recommendations to Comply with 524B
※ Coordinated Vulnerability Disclosure(CVD)
: Coordinated disclosure of vulnerabilities and exploits identified by external entities (including third-party software suppliers and researchers) and manufacturer.
※ Timeline for Updates and Patches
: Plans required by section 524B(b)(1) of the FD&C Act should also describe the timeline, with associated justifications, to develop and release required updates and patches.
※ Strategic Cybersecurity Management
: The manufacturer must submit a detailed plan describing its strategy for monitoring, identifying, and addressing post-marketing cybersecurity vulnerabilities. Also, Should as appropriate, account for any differences in the risk management for fielded devices (e.g., differences between marketed devices and devices no longer marketed but still in use).
Please refer to the attached file below for more information.
If you have any questions about medical device,
Please contact us with the below.
info@jnmglobal.net
ra@jnmglobal.net