Quick Links: Skip to main page content Skip to Search Skip to Topics Menu Skip to Common Links
  • Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

Recognized Consensus Standards: Medical Devices
  • Print
  • Share
  • E-mail
-
Super Search Devices@FDA
510(k) | DeNovo | Registration & Listing | Adverse Events | Recalls | PMA | HDE | Classification | Standards
CFR Title 21 | Radiation-Emitting Products | X-Ray Assembler | Medsun Reports | CLIA | TPLC
 

New Search Back To Search Results
Part B: Supplementary Information Sheet (SIS)
FR Recognition List Number 059 Date of Entry 12/19/2022 
FR Recognition Number 13-128
Standard
IEEE UL  Std 2621.2-2022
Standard for Wireless Diabetes Device Security: Information Security Requirements for Connected Diabetes Solutions
Scope/Abstract
This standard describes the security functional requirements (SFRs), which compose a protection profile (PP), for connected diabetes devices (CDDs). The scope of the PP within the development and evaluation process is described in ISO/IEC 15408.1 In particular, a PP defines the IT security requirements of a generic type of Target of Evaluation (TOE) and specifies the security measures to be offered by that TOE to meet stated requirements.
Extent of Recognition
Complete standard
Rationale for Recognition
This standard is relevant to medical devices and is recognized on its scientific and technical merit and/or because it supports existing regulatory policies.

NOTE: Conformance to this standard may not satisfy all the cybersecurity requirements outlined in Section 524B of FD&C Act or the recommendations in the (1) listed below (Relevant FDA Guidance). Manufacturers should consider the information contained within these resources in their assessment of cybersecurity for their device.
Relevant FDA Guidance and/or Supportive Publications*
1. Cybersecurity in Medical Devices: Quality Management System Considerations and Content of Premarket Submissions, Guidance for Industry and Food and Drug Administration Staff, issued February 2026.

2. Postmarket Management of Cybersecurity in Medical Devices, Guidance for Industry and Food and Drug Administration Staff, issued December 2016.

3. Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices, Guidance for Industry and Food and Drug Administration Staff, issued September 2017.

4. Content of Premarket Submissions for Device Software Functions, Guidance for Industry and Food and Drug Administration Staff, issued June 2023.

5. Off-The-Shelf Software Use in Medical Devices, Guidance for Industry and Food and Drug Administration Staff, issued August 2023.

6. Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices, Guidance for Industry and Food and Drug Administration Staff, issued September 2022.

7. IEC/ISO 80001-5-1:2022 - Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle.

8. ANSI/NEMA HN 1-2019 - American National Standard - Manufacturer Disclosure Statement for Medical Device Security.

Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2018.
FDA Technical Contact
 CDRH Division of Medical Device Cybersecurity
  FDA/OC/CDRH/OST/ORR/
  --
  CyberMed@fda.hhs.gov
Standards Development Organizations
IEEE Institute of Electrical and Electronic Engineers https://www.ieee.org/
UL Underwriters Laboratories, Inc. http://www.ul.com/
FDA Specialty Task Group (STG)
Software/Informatics
*These are provided as examples and others may be applicable.
-
-