• Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

Recognized Consensus Standards: Medical Devices

  • Print
  • Share
  • E-mail
-
Super Search Devices@FDA
510(k) | DeNovo | Registration & Listing | Adverse Events | Recalls | PMA | HDE | Classification | Standards
CFR Title 21 | Radiation-Emitting Products | X-Ray Assembler | Medsun Reports | CLIA | TPLC
 

New Search Back To Search Results
Part B: Supplementary Information Sheet (SIS)
FR Recognition List Number 047 Date of Entry 08/21/2017 
FR Recognition Number 13-96
Standard
UL ANSI  2900-1 First Edition 2017
Standard for Safety, Standard for Software Cybersecurity Network-Connectable Products, Part 1: General Requirements
Scope/Abstract
1.1 This standard applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware.

1.2 This standard describes:
a) Requirements regarding the software developer (vendor or other supply chain member) risk management process for their product.
b) Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses and malware.
c) Requirements regarding the presence of security risk controls in the architecture and design of a product.

1.3 This standard does not contain requirements regarding functional testing of a product. This means this standard contains no requirements to verify that the product functions as designed.

1.4 This standard does not contain requirements regarding the hardware contained in a product.
Extent of Recognition
Complete standard
Rationale for Recognition
This standard is relevant to medical devices and is recognized on its scientific and technical merit and/or because it supports existing regulatory policies.
Relevant FDA Guidance and/or Supportive Publications*
Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions - Guidance for Industry and Food and Drug Administration Staff, issued September 2023.

Postmarket Management of Cybersecurity in Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued December 2016.


Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2018.
FDA Technical Contact
 CDRH Division of Medical Device Cybersecurity
  FDA/OC/CDRH/OST/ORR/
  --
  CyberMed@fda.hhs.gov
Standards Development Organizations
UL Underwriters Laboratories, Inc. http://www.ul.com/
ANSI American National Standards Institute https://www.ansi.org/
FDA Specialty Task Group (STG)
Software/Informatics
*These are provided as examples and others may be applicable.
-
-