In September of 2023, the FDA released new requirements for medical device cybersecurity practices and information to be provided during premarket submissions. The requirements are broken down into four general principles:
Submissions must demonstrate a “reasonable assurance of safety and effectiveness,” which includes software validation and risk management as defined by a strong Secure Product Development Framework (SPDF) that encompasses all phases of a device’s lifecycle.
Device users should have clear and accessible information about the device’s cybersecurity controls, potential risks, known vulnerabilities, configuration and update instructions, and other pertinent information spanning the device’s entire lifecycle.
Cybersecurity design and documentation should scale with the risk level of the device, taking into account the larger system in which the device will be used. Generally, the more connected and integral the device, the stronger and more comprehensive the documentation is expected to be.
5 key benefits of DigiCert device trust solutions for healthcare IoT
DigiCert solutions are designed to integrate into the stack to provide full lifecycle visibility, security, and control.