To keep track of various versions of your SBOM and to ensure that your SBOM is accurate for each product release to meet FDA requirements and protect your customers and their patients, you should create a new version of your SBOM whenever your team:
Updates the device or application
Adds or removes a dependency component or changes a dependency component version
Adds one or more Windows KBs to a device version
Adds a Windows KB to a vulnerability
This will help ensure your readiness for your pre-market FDA submission, while ensuring that customers post-market understand whether they are affected by vulnerabilities associated with a particular version of your product. Refer to Export your SBOM for more information.