Recognized Consensus Standards: Medical Devices

Part B: Supplementary Information Sheet (SIS)
FR Recognition List Number	065	Date of Entry 12/22/2025
FR Recognition Number	13-153
Standard
AAMI  CR515:2025 Cybersecurity Consideration Unique to Machine-Learning Enabled Medical Devices
Scope/Abstract This consensus report specifically addresses the unique cybersecurity threats associated with developing and deploying machine learning-enabled medical device software, as distinct from the broader cybersecurity risks applicable to all medical device life cycle phases. This includes potential cybersecurity threats that can arise from or during data collection, product design, product deployment, product use, and maintenance.
Extent of Recognition Complete standard
Rationale for Recognition This standard is relevant to medical devices and is recognized on its scientific and technical merit and/or because it supports existing regulatory policies.
Relevant FDA Guidance and/or Supportive Publications* Postmarket Management of Cybersecurity in Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued December 2016. Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions - Guidance for Industry and Food and Drug Administration Staff, issued September 2023. Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence-Enabled Device Software Functions - Guidance for Industry and Food and Drug Administration Staff, issued August 2025. Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2018.
FDA Technical Contact  CDRH Division of Medical Device Cybersecurity   FDA/OC/CDRH/OST/ORR/   --   CyberMed@fda.hhs.gov
Standards Development Organization AAMI Association for the Advancement of Medical Instrumentation http://www.aami.org
FDA Specialty Task Group (STG) Software/Informatics
*These are provided as examples and others may be applicable.