
[Federal Register Volume 79, Number 191 (Thursday, October 2, 2014)]
[Notices]
[Pages 59493-59494]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-23457]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Food and Drug Administration

[Docket No. FDA-2013-D-0616]


Content of Premarket Submissions for Management of Cybersecurity 
in Medical Devices; Guidance for Industry and Food and Drug 
Administration Staff; Availability

AGENCY: Food and Drug Administration, HHS.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Food and Drug Administration (FDA) is announcing the 
availability of the guidance entitled ``Content of Premarket 
Submissions for Management of Cybersecurity in Medical Devices.'' This 
guidance identifies cybersecurity issues that manufacturers should 
consider in preparing premarket submissions for medical devices in 
order to maintain information confidentiality, integrity, and 
availability.

DATES: Submit either electronic or written comments on this guidance at 
any time. General comments on Agency guidance documents are welcome at 
any time.

ADDRESSES: An electronic copy of the guidance document is available for 
download from the Internet. See the SUPPLEMENTARY INFORMATION section 
for information on electronic access to the guidance. Submit written 
requests for single copies of the guidance document entitled ``Content 
of Premarket Submissions for Management of Cybersecurity in Medical 
Devices'' to the Office of the Center Director, Guidance and Policy 
Development, Center for Devices and Radiological Health, Food and Drug 
Administration, 10903 New Hampshire Ave., Bldg. 66, rm. 5431, Silver 
Spring, MD 20993-0002 or the Office of Communication, Outreach and 
Development, Center for Biologics Evaluation and Research, Food and 
Drug Administration, 10903 New Hampshire Ave. Bldg. 71, rm. 3128, 
Silver Spring, MD 20993-0002. Send one self-addressed adhesive label to 
assist that office in processing your request.
    Submit electronic comments on the guidance to http://www.regulations.gov. Submit written comments to the Division of Dockets 
Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane, 
rm. 1061, Rockville, MD 20852. Identify comments with the docket number 
found in brackets in the heading of this document.

FOR FURTHER INFORMATION CONTACT: Abiy Desta, Center for Devices and 
Radiological Health, Food and Drug Administration, 10903 New Hampshire 
Ave., Bldg. 66, rm. 1682, Silver Spring, MD 20993-0002, 301-796-0293, 
Abiy.Desta@fda.hhs.gov; or Stephen Ripley, Center for Biologics 
Evaluation and Research, Food and Drug Administration, 10903 New 
Hampshire Ave., Bldg. 71, rm. 7301, Silver Spring, MD 20993, 240-402-
7911.

SUPPLEMENTARY INFORMATION:

I. Background

    This guidance provides recommendations to consider and document in 
FDA medical device premarket submissions to provide effective 
cybersecurity management and to reduce the risk that device 
functionality is intentionally or unintentionally compromised. The need 
for effective cybersecurity to assure medical device functionality has 
become more important with the increasing use of wireless, Internet- 
and network-connected devices and the frequent electronic exchange of 
medical device-related health information.
    In the Federal Register of June 14, 2013 (78 FR 35940), FDA 
announced the availability of the draft guidance document. Interested 
persons were invited to comment by September 12, 2013. Multiple 
comments were received and in response to these comments, FDA revised 
the guidance document and policies as appropriate to clarify the types 
of cybersecurity issues that manufacturers should consider in preparing 
premarket submissions for medical devices in order to maintain 
information confidentiality, integrity, and availability.

II. Significance of Guidance

    This guidance is being issued consistent with FDA's good guidance 
practices regulation (21 CFR 10.115). This guidance represents the 
Agency's current thinking on management of cybersecurity in medical 
devices. It does not create or confer any rights for or on any person 
and does not operate to bind FDA or the public. An alternative

[[Page 59494]]

approach may be used if such approach satisfies the requirements of the 
applicable statute and regulations.

III. Electronic Access

    Persons interested in obtaining a copy of the guidance may do so by 
using the Internet. A search capability for all Center for Devices and 
Radiological Health guidance documents is available at http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/default.htm. Guidance documents are also available at 
http://www.regulations.gov or http://www.fda.gov/BiologicsBloodVaccines/GuidanceComplianceRegulatoryInformation/Guidances/default.htm. Persons unable to download an electronic copy of 
``Content of Premarket Submissions for Management of Cybersecurity in 
Medical Devices,'' may send an email request to CDRH-Guidance@fda.hhs.gov to receive an electronic copy of the document. 
Please use the document number 1825 to identify the guidance you are 
requesting.

IV. Paperwork Reduction Act of 1995

    This guidance refers to previously approved collections of 
information found in FDA regulations. These collections of information 
are subject to review by the Office of Management and Budget (OMB) 
under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520). The 
collections of information in 21 CFR part 807, subpart E, have been 
approved under OMB control number 0910-0120; the collections of 
information in 21 CFR part 812 have been approved under OMB control 
number 0910-0078; the collections of information in 21 CFR part 814 
have been approved under OMB control number 0910-0231; the collections 
of information in 21 CFR part 814, subpart H, have been approved under 
OMB control number 0910-0332; and the collections of information in 21 
CFR part 820 have been approved under OMB control number 0910-0073.

V. Comments

    Interested persons may submit either electronic comments regarding 
this document to http://www.regulations.gov or written comments to the 
Division of Dockets Management (see ADDRESSES). It is only necessary to 
send one set of comments. Identify comments with the docket number 
found in brackets in the heading of this document. Received comments 
may be seen in the Division of Dockets Management between 9 a.m. and 4 
p.m., Monday through Friday, and will be posted to the docket at http://www.regulations.gov.

    Dated: September 26, 2014.
Leslie Kux,
Assistant Commissioner for Policy.
[FR Doc. 2014-23457 Filed 10-1-14; 8:45 am]
BILLING CODE 4164-01-P


