Part B: Supplementary Information Sheet (SIS) |
FR Recognition List Number
|
047
|
Date of Entry 08/21/2017
|
FR Recognition Number
|
13-96
|
Standard | |
UL ANSI 2900-1 First Edition 2017 Standard for Safety, Standard for Software Cybersecurity Network-Connectable Products, Part 1: General Requirements |
|
Scope/Abstract1.1 This standard applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware.
1.2 This standard describes: a) Requirements regarding the software developer (vendor or other supply chain member) risk management process for their product. b) Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses and malware. c) Requirements regarding the presence of security risk controls in the architecture and design of a product.
1.3 This standard does not contain requirements regarding functional testing of a product. This means this standard contains no requirements to verify that the product functions as designed.
1.4 This standard does not contain requirements regarding the hardware contained in a product. |
|
Extent of Recognition
|
Rationale for Recognition
This standard is relevant to medical devices and is recognized on its scientific and technical merit and/or because it supports existing regulatory policies. |
|
Relevant FDA Guidance and/or Supportive Publications*
Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions - Guidance for Industry and Food and Drug Administration Staff, issued September 2023.
Postmarket Management of Cybersecurity in Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued December 2016.
Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2018. |
|
FDA Technical Contact
|
Standards Development Organizations
|
FDA Specialty Task Group (STG)
|
*These are provided as examples and others may be applicable. |