FDA encourages new cybersecurity standards on medical device manufacturing

Editor's Note

The US Food and Drug Administration (FDA) has recognized the latest guidance on medical device cybersecurity from the Association for the Advancement of Medical Instrumentation (AAMI), an AAMI November 14 press release reports. This latest cybersecurity recognition is encouraging its use across the medical device manufacturing industry to enhance security measures.

The guidance, known as SW96, was released earlier this year and is the first in the industry to provide specific requirements for managing cybersecurity across a product’s life cycle. The priorities established for manufacturers include:

• security risk analysis for individual devices and systems
• security risk evaluation for broader systems
• security risk control in using multiple methods of protection
• management plans for medical devices prior to distribution. 

In addition to providing guidance on cybersecurity risk management during the design and development of medical devices, the standard also provides strategies for monitoring device vulnerabilities after they’ve gone to market, including security measures like patching, and the use of a software bill of materials.