FDA finalizes guidance on cybersecurity for medical devices

Congress granted the agency authority to deny premarket submissions that lack cybersecurity information, starting in October.

The Food and Drug Administration has finalized guidance intended to help device developers comply with recently enacted cybersecurity obligations for premarket submissions.

In the guidance, the FDA outlines how to use a secure product development framework to manage cybersecurity risks, explaining how the model applies to risk management, security architecture and cybersecurity testing.

The FDA, which could start refusing filings that lack cybersecurity information on Oct. 1, finalized the guidance after reviewing more than 1,800 comments on a draft it published last year. Based on the feedback, the FDA clarified required documents and interoperability considerations.

Sign up for Blog Updates