Notice

Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; Guidance for Industry and Food and Drug Administration Staff; Availability

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

AGENCY:

Food and Drug Administration, HHS.

ACTION:

Notice.

SUMMARY:

The Food and Drug Administration (FDA) is announcing the availability of the guidance entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” This guidance identifies cybersecurity issues that manufacturers should consider in preparing premarket submissions for medical devices in order to maintain information confidentiality, integrity, and availability.

DATES:

Submit either electronic or written comments on this guidance at any time. General comments on Agency guidance documents are welcome at any time.

ADDRESSES:

An electronic copy of the guidance document is available for download from the Internet. See the SUPPLEMENTARY INFORMATION section for information on electronic access to the guidance. Submit written requests for single copies of the guidance document entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” to the Office of the Center Director, Guidance and Policy Development, Center for Devices and Radiological Health, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 66, rm. 5431, Silver Spring, MD 20993-0002 or the Office of Communication, Outreach and Development, Center for Biologics Evaluation and Research, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 71, rm. 3128, Silver Spring, MD 20993-0002. Send one self-addressed adhesive label to assist that office in processing your request.

Submit electronic comments on the guidance to http://www.regulations.gov. Submit written comments to the Division of Dockets Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane, rm. 1061, Rockville, MD 20852. Identify comments with the docket number found in brackets in the heading of this document.

FOR FURTHER INFORMATION CONTACT:

Abiy Desta, Center for Devices and Radiological Health, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 66, rm. 1682, Silver Spring, MD 20993-0002, 301-796-0293, Abiy.Desta@fda.hhs.gov; or Stephen Ripley, Center for Biologics Evaluation and Research, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 71, rm. 7301, Silver Spring, MD 20993, 240-402-7911.

SUPPLEMENTARY INFORMATION:

I. Background

This guidance provides recommendations to consider and document in FDA medical device premarket submissions to provide effective cybersecurity management and to reduce the risk that device functionality is intentionally or unintentionally compromised. The need for effective cybersecurity to assure medical device functionality has become more important with the increasing use of wireless, Internet- and network-connected devices and the frequent electronic exchange of medical device-related health information.

In the Federal Register of June 14, 2013 (78 FR 35940), FDA announced the availability of the draft guidance document. Interested persons were invited to comment by September 12, 2013. Multiple comments were received and in response to these comments, FDA revised the guidance document and policies as appropriate to clarify the types of cybersecurity issues that manufacturers should consider in preparing premarket submissions for medical devices in order to maintain information confidentiality, integrity, and availability.

II. Significance of Guidance

This guidance is being issued consistent with FDA's good guidance practices regulation (21 CFR 10.115). This guidance represents the Agency's current thinking on management of cybersecurity in medical devices. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. An alternative approach may be used if such approach satisfies the requirements of the applicable statute and regulations.

III. Electronic Access

Persons interested in obtaining a copy of the guidance may do so by using the Internet. A search capability for all Center for Devices and Radiological Health guidance documents is available at http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/default.htm. Guidance documents are also available at http://www.regulations.gov or http://www.fda.gov/BiologicsBloodVaccines/GuidanceComplianceRegulatoryInformation/Guidances/default.htm. Persons unable to download an electronic copy of “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” may send an email request to CDRH-Guidance@fda.hhs.gov to receive an electronic copy of the document. Please use the document number 1825 to identify the guidance you are requesting.

IV. Paperwork Reduction Act of 1995

This guidance refers to previously approved collections of information found in FDA regulations. These collections of information are subject to review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520). The collections of information in 21 CFR part 807, subpart E, have been approved under OMB control number 0910-0120; the collections of information in 21 CFR part 812 have been approved under OMB control number 0910-0078; the collections of information in 21 CFR part 814 have been approved under OMB control number 0910-0231; the collections of information in 21 CFR part 814, subpart H, have been approved under OMB control number 0910-0332; and the collections of information in 21 CFR part 820 have been approved under OMB control number 0910-0073.

V. Comments

Interested persons may submit either electronic comments regarding this document to http://www.regulations.gov or written comments to the Division of Dockets Management (see ADDRESSES). It is only necessary to send one set of comments. Identify comments with the docket number found in brackets in the heading of this document. Received comments may be seen in the Division of Dockets Management between 9 a.m. and 4 p.m., Monday through Friday, and will be posted to the docket at http://www.regulations.gov.

Dated: September 26, 2014.

Leslie Kux,

Assistant Commissioner for Policy.

[FR Doc. 2014-23457 Filed 10-1-14; 8:45 am]

BILLING CODE 4164-01-P