Skip to content

The FDA’s requirements for medical device security and the role of fuzzing

Learn about the United States Food and Drug Administration’s cybersecurity requirements for medical devices and how fuzz testing plays a role in compliance.  

TRUSTED BY
google-2015-3Deutsche_Telekom_2022 1-3bosch-logo-simple 1-2Secunet_Security_Networks_Logo-2Continental_AG_logo 1-2Cariad_Logo-2ETAS-Logo-2

Inside you'll discover:

  • Key documents on USA cybersecurity requirements for medical devices
  • Fuzzing’s role in the FDA’s guidance on cybersecurity and AAMI TIR 57:2016
  • When manufacturers need to comply with the FDA’s security requirements
  • Why fuzzing is highly recommended for testing medical devices
White paper - Medical devices (mockup - high quality)

 

“Fuzz testing is state-of-the-art for testing robustness. Although you can write your own tests, you can never perform as many random and denial-of-service tests as you can with fuzzing. You must perform fuzz testing to prove to the FDA that your device is reliable and that the most common bugs are caught.”
Verana Wieser
Verena WieserMedical Device Consultant, Lorit Consultancy

Inside, you'll discover:

  • How fuzz testing contributes to ISO 21434 compliance.
  • The specifics of cybersecurity validation and verification requirements.
  • How suppliers and OEMs comply with ISO.
  • The benefits of source code fuzz testing, aka white-box fuzzing.
 
mockup-white-paper-iso-fuzz-testing-small

Medical Devices Security: the role of fuzz testing

White paper - Medical Devices (cover)

When to comply with the FDA’s security requirements

If your company plans to sell a medical device on the US market, it must comply with the FDA’s requirements. 

When developing a new medical device and seeking market approval

If the company is not compliant with the requirements, it risks failing the submission for market approval and not getting clearance for the US market. Resubmission implies extra costs and can take months.

When already selling devices on the US market

Medical device manufacturers undergo regular audit checks. If an auditor notices a nonconformity with any of the requirements, the company needs to resolve the nonconformity within a certain timeframe. Download the white paper to learn more.