Is my device a cyber device?
PreviousUnderstand new FDA cybersecurity requirements for cyber devicesNextWhat if I already submitted my cyber device?
Last updated
Was this helpful?
Last updated
Was this helpful?
According to the as of October 12, 2023:
Section 524B(c) of the FD&C Act defines "cyber device" as a device that (1) includes software validated, installed, or authorized by the sponsor as a device or in a device, (2) has the ability to connect to the internet, and (3) contains any such technological characteristics validated, installed, or authorized by the sponsor that could be vulnerable to the cybersecurity threats. If manufacturers are unsure as to whether their device is a cyber device, they may contact the FDA.
This means that if you device has an electronic interface of any type, such as wi-fi or USB, regardless of whether it was intended to be connected to the internet or not, you need to provide proof that the device cannot be connected to the internet.
Risks increase if the device contains one or more of these interfaces:
Wired: USB, ethernet, RF, inductive, cloud, etc.
Wireless: wi-fi, Bluetooth, RF, inductive, cloud, etc.
Cybersecurity considerations apply for the entire system, not just the end device. Examples include:
Software update infrastructure
Cloud applications
Commercial devices (phones, tablets, computers, etc.)