Profile

Hi Ed, Great question and here are a couple of references for you to consider: The SBOM typically consists of the software package name and version, such as "Apache httpd 2.4" For cybersecurity, regulators are now looking to ensure the SBOM has been properly evaluated against a national ...

Hi Breanne,   Below is a summary of cybersecurity testing that should be considered for the software; however, as Ginger pointed out, what you may be asked for during the 510k review is heavily dependent on the type of device and the reviewer.  Regardless, these are standard best practices ...

As some of the others commented, it's typically not required for a submission.  When we work on this with medical device manufacturers, we typically take the following approach: Security Requirement ID NIST Cybersecurity Framework Category (Identify, Protect, Detect, Respond, Recover) ...

Hi Yasser, You'll also need to ensure you appropriately address Cybersecurity for the new design, as the attack surface has changed.  This would include creating/updating a threat model, data flow diagrams, cybersecurity requirements (NIST 800-121 is a good starting point), security testing (e.g. ...

FDA has also been working on a regulatory model for more agile approaches for software as a medical device, through the precertification program.  There haven't been many recent updates, but here is their website on what they are attempting to achieve - Digital Health Software Precertification (Pre-Cert) ...