00095 Cybersecurity in Medical Devices- Scope

00095 Cybersecurity in Medical Devices- Scope

Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions

1. Scope
   This guidance document is applicable to devices that contain software (including firmware) or programmable logic, as well as software as a medical device (SaMD). The guidance is not limited to devices that are network-enabled or contain other connected capabilities. This
   guidance describes recommendations regarding the cybersecurity information to be submitted for devices under the following premarket submission types
   · Premarket Notification (510(k)) submissions;
   · De Novo requests;
   · Premarket Approval Applications (PMAs) and PMA supplements;
   · Product Development Protocols (PDPs);
   · Investigational Device Exemption (IDE) submissions; and
   · Humanitarian Device Exemption (HDE) submissions.

   This guidance applies to all types of devices within the meaning of section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) whether or not they require a premarket submission. Therefore, the information in this guidance should also be considered for understanding FDA’s recommendations for devices for which a premarket submission is not required (e.g., for 510(k)-exempt devices).
   As IDE submissions have a different benefit-risk threshold and are not marketing authorizations, specific considerations for IDE submission documentation are provided in Appendix
   Appendix 4 contains terminology used throughout the guidance