Recognized Consensus Standards: Medical Devices

Part B: Supplementary Information Sheet (SIS)

FR Recognition List Number

056

Date of Entry 06/07/2021 

FR Recognition Number

13-119

Standard

ANSI ISA  62443-4-1-2018
Security for industrial automation and control systems Part 4-1: Product security development life-cycle requirements.

Scope/Abstract

This part of ISA-62443 specifies process requirements for the secure development of products used in industrial automation and control systems. It defines a secure development life-cycle (SDL) for the purpose of developing and maintaining secure products. This life-cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. These requirements apply to the developer and maintainer of the product, but not to the integrator or user of the product. A summary list of the requirements in this standard can be found in Annex B.

Extent of Recognition

Complete standard

Rationale for Recognition

This standard is relevant to medical devices and is recognized on its scientific and technical merit and/or because it supports existing regulatory policies.

Relevant FDA Guidance and/or Supportive Publications*

Relevant guidance:

1. Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2017.

2. Content of Premarket Submissions for Device Software Functions - Guidance for Industry and Food and Drug Administration Staff, issued June 2023.

3. Off-The-Shelf Software Use in Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued August 2023.

4. Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2019.

5. Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions - Guidance for Industry and Food and Drug Administration Staff, issued September 2023.

6. Guidance for Industry - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software, issued January 2005.

7. Postmarket Management of Cybersecurity in Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued December 2016.

8. Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2018.

FDA Technical Contacts

OPEQ Cybersecurity Team   FDA/OC/CDRH/OPEQ/   --   OPEQ_Cybersecurity@fda.hhs.gov

CDRH Division of Medical Device Cybersecurity   FDA/OC/CDRH/OST/ORR/   --   CyberMed@fda.hhs.gov

Standards Development Organizations

ANSI	American National Standards Institute	https://www.ansi.org/
ISA	International Society for Automation	https://www.isa.org

FDA Specialty Task Group (STG)

Software/Informatics

*These are provided as examples and others may be applicable.