Earlier this month, the US Food and Drug Administration issued its latest draft guidance on medical device cybersecurity, essentially replacing its 2018 version amid rising cyber-related threats.
While the 2018 guidance referred to the cybersecurity bill of materials (CBOM), the 2022 guidance features the software bill of materials (SBOM). Speaking to Medtech Insight, Morgan Lewis partner Dennis Gucciardo “explained that the SBOM outlined in the 2022 guidance asks a manufacturer to consider a ‘piece of the puzzle’ that a manufacturer did not create.”
“The FDA is saying, though you didn’t design that platform and can’t control it, you still need to consider the vulnerability of it in your risk management,” Dennis said. “You have to take some responsibility for that piece.”