In the wake of increasing concerns—and on the heels of the Biden Administration’s Cybersecurity Executive Order 14028—the FDA published a series of new regulations and recommendations for medical device manufacturers.
These include providing a and SBOM-related information in premarket submissions, as well as ensuring device lifecycle management through comprehensive trust and security measures like Device Trust Manager.
The high stakes involved in managing these requirements—the FDA has right-of-refusal authority for incomplete or inaccurate submissions—have forced many device manufacturers to rethink certain cybersecurity and software transparency tools and processes.
, a leader in digital trust, and Software Composition Analysis/SBOM management platform have come together to make managing FDA cybersecurity compliance much faster, easier, and more scalable. Our joint offering gives device manufacturers the capabilities they need to meet FDA requirements, from SBOM and vulnerability management to device trust and authentication.
“We’re excited to partner with ,” said FOSSA VP of Technology Partnerships and Founding Team Member Carlos Cheung. “This collaboration enhances organizations’ ability to maintain trust across their software supply chains. By integrating ’s verification and trust solutions with ’s solutions, developers can address vulnerabilities in real time, ensuring faster responses to security threats and more efficient communication with end customers. This partnership allows teams to streamline FDA compliance and align with the latest security expectations.”
“At , we’re committed to helping manufacturers build trusted medical devices. By joining forces with FOSSA, we’re giving organizations a powerful way to meet FDA requirements, strengthen supply chain security, and deliver safer patient outcomes,” said Tranel Hawkins, Director of Tech and Strategic Partnerships at .
A leading global manufacturer of connected medical devices has chosen Device Trust Manager to manage the trust, security, and lifecycle of their devices. This includes ensuring that each device is properly authenticated, secured, and continuously monitored, helping the manufacturer meet FDA regulations while delivering critical healthcare services. According to the manufacturer’s head of product security, “’s commitment to healthcare security and flexibility helps us create Digital Trust that harmonizes our different solutions, ensuring the highest levels of security and compliance.”
In addition to producing and with specified data fields, device manufacturers must provide end-of-life (EOL) and end-of-support (EOS) information for each software component as part of their premarket submissions.
Additionally, device manufacturers are required to disclose vulnerabilities associated with the components in their SBOMs—plus mitigations to fix those vulnerabilities, such as what one might find in a VEX document.
The pose significant challenges, as multiple product teams must create SBOMs that conform to a unified data schema. The diverse range of tools, programming languages, software artifacts, and formats complicates data normalization for both internal product security teams and FDA review boards.
’s enables organizations to generate, ingest, combine, monitor, and share SBOMs to satisfy FDA requirements. The platform also has capabilities for enriching SBOMs with level-of-support/end-of-life information and producing vulnerability/VEX assessments along with post-market monitoring.
A representative from one of the world’s leading medical device manufacturers who is using and FOSSA commented, “We were thrilled when we learned about the combined offering from and FOSSA. It not only helped us meet FDA review and compliance requirements but also provided long-term visibility into how our devices are operating. We can confidently assure hospitals that our software is authenticated, secure, and continuously monitored for vulnerabilities.”
As cybersecurity risks continue to rise, the demand for trusted and secure medical devices has never been greater. The combined solution from and FOSSA not only addresses FDA compliance but also empowers device manufacturers to strengthen their entire device lifecycle management process. From ensuring the authenticity and security of devices to managing SBOMs and vulnerabilities, this solution provides manufacturers with the tools they need to protect patient safety and maintain trust with healthcare providers.
Don’t let the complexities of FDA compliance and device security slow your progress. With and FOSSA, you can streamline your compliance processes, enhance the security of your connected devices, and ensure continued trust across your entire supply chain.
Get in touch with our team today to learn how and FOSSA can help you achieve FDA compliance, protect your devices, and secure your future in healthcare. Together, we can help you innovate with confidence, secure patient data, and maintain the trust of your customers.