Cybersecurity updates November 2024
- QV Solutions
- Nov 4, 2024
- 1 min read
1. FDA is planning to release another revision of Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Guidance in 2025.
2. The FDA contracted with MITRE to develop a publication that discusses normalization challenges and mitigations for generating and digesting Software Bills of Materials (SBOMs), and advantages of using a standard nomenclature and formats to ensure that data from various sources is consistent. SBOMs enable taking proactive actions to mitigate risks in the device during development and reactive actions to expeditiously control emerging risks in fielded devices.
3. The FDA shared new journal article: Digital Certificate Management for Medical Devices in the Journal of Clinical Engineering. It provides an introduction to the role of digital certificates to secure and manage access to medical devices, including discussion of potential issues.
4. Cybersecurity and Infrastructure Security Agency (CISA) released guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guidance is part of CISA’s Secure by Design campaign and it encourages software manufacturers to establish a safe software deployment program as part of their software development lifecycle (SDLC).
It lists Key Phases of a Safe Software Deployment Process:
-Planning
-Development and Testing
-Internal Rollout (Dogfood)
-Deployment and Canary Testing
-Controlled Rollout
-Feedback Into Planning
Comments