2023-11-07 14:40 Press release

FDA Gives Full Recognition to AAMI Cybersecurity Guidance Document

The Association for the Advancement of Medical Instrumentation (AAMI) is proud to announce that the U.S. Food and Drug Administration (FDA) has officially extended complete recognition to AAMI’s groundbreaking guidance document on medical device cybersecurity, ANSI/AAMI SW96.

Per the FDA, ANSI/AAMI SW96:2023, Standard for medical device security - Security risk management for device manufacturers, is an important resource for medical device sponsors. The agency’s original announcement states, “The FDA encourages use of this new standard to enhance quality and support product performance.”

Matt Williams, vice president of standards at AAMI, said, “FDA recognition of ANSI/AAMI SW96 is a major milestone. Device manufacturers can confidently use the standard to ensure compliance with FDA requirements and to provide better protection for health systems and patients alike. The standard’s adoption definitively furthers AAMI’s mission of promoting ideal patient outcomes.”

Released earlier this year, SW96 raised the bar for medical device cybersecurity risk management during the design and development stages. It contains clear guidance related to postmarket monitoring of device vulnerabilities, security measures like patching, and software bills of materials.

It is also the first guidance document that provides specific requirements for managing cybersecurity across a product’s life cycle. The standard sets out several key priorities:  

  1. Security risk analysis should be conducted for individual medical devices and systems to identify and document vulnerabilities and risks.
  2. Security risk evaluation should focus on how devices exist within both hardware and software systems.
  3. Security risk control should use more than one method of ensuring devices and systems are protected.
  4. Security risk management plans for medical devices must be in place before distribution and manufacturers must ensure that any residual risk is acceptable. 

The full standard can be found here. Questions? Contact AAMI’s Standards team at standards@aami.org.



About AAMI

AAMI (www.aami.org) is a nonprofit organization founded in 1967. It is a diverse community of more than 10,000 healthcare technology professionals united by one important mission—supporting the healthcare community in the development, management, and use of safe and effective health technology. AAMI is the primary source of consensus standards, both national and international, for the medical device industry, as well as practical information, support, and guidance for health technology and sterilization professionals.


Contacts

Dan Visnovsky
Media Relations Manager
Your primary press contact for AAMI.