FDA Gives Full Recognition to AAMI Cybersecurity Guidance Document | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


Arlington, VA, Nov. 14, 2023 (GLOBE NEWSWIRE) — The Association for the Advancement of Medical Instrumentation (AAMI) is proud to announce that the U.S. Food and Drug Administration has officially extended complete recognition to AAMI’s groundbreaking guidance document on medical device cybersecurity, ANSI/AAMI SW96.

Per the FDA, ANSI/AAMI SW96:2023, Standard for medical device security – Security risk management for device manufacturers, is an important resource for medical device sponsors. The agency’s original announcement states, “The FDA encourages use of this new standard to enhance quality and support product performance.”

Matt Williams, vice president of standards at AAMI, said, “FDA recognition of ANSI/AAMI SW96 is a major milestone. Device manufacturers can confidently use the standard to ensure compliance with FDA requirements and to provide better protection for health systems, hospitals, and patients alike. The standard’s adoption definitively furthers AAMI’s mission of promoting ideal patient outcomes.”

Released earlier this year, SW96 raised the bar for cybersecurity risk management during the design and development of medical devices. It also contains clear guidance related to postmarket monitoring of device vulnerabilities, security measures like patching, and the use of a software bill of materials.

SW96 is also the first industry guidance document that provides specific requirements for managing cybersecurity across a product’s life cycle. The standard sets out several vital priorities for manufacturers:

  1. Security risk analysis should be conducted for individual medical devices and systems to identify and document vulnerabilities and risks.

  2. Security risk evaluation should focus on how devices exist within both hardware and software systems.

  3. Security risk control should use more than one method of ensuring devices and systems are protected.

  4. Security risk management plans for medical devices must be in place before distribution and manufacturers must ensure that any residual risk is acceptable. 

The full standard can be found here. If you have questions regarding the standard’s content, requirements, or access to the document, please contact AAMI’s Standards team at [email protected].


Click Here For The Original Source.

How can I help you?
National Cyber Security