U.S. CODE
Rulings
AD/CVD
Notices
HTSUS
U.S. Code
Regs
More
Ports
About
Updates
Apps
Larger font
Smaller font
CustomsMobile Pro
beta now open!
Apply for a FREE beta account. Spaces are limited so apply today.
SIGNUP FOR BETA
SEARCH
Toggle Dropdown
Search US Code
Search Leg. Notes
Sort by Rank
Titles Ascending
Titles Descending
10 per page
25 Result/page
50 Result/page
U.S Code last checked for updates: Nov 22, 2024
All Titles
Title 21
Chapter 9
Subchapter V
Part A
§ 360n-1. Priority review for qu...
Part B - Drugs for Rare Diseases...
§ 360n-1. Priority review for qu...
Part B - Drugs for Rare Diseases...
U.S. Code
Notes
§ 360n–2.
Ensuring cybersecurity of devices
(a)
In general
(b)
Cybersecurity requirements
The sponsor of an application or submission described in subsection (a) shall—
(1)
submit to the Secretary a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures;
(2)
design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to the device and related systems to address—
(A)
on a reasonably justified regular cycle, known unacceptable vulnerabilities; and
(B)
as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks;
(3)
provide to the Secretary a software bill of materials, including commercial, open-source, and off-the-shelf software components; and
(4)
comply with such other requirements as the Secretary may require through regulation to demonstrate reasonable assurance that the device and related systems are cybersecure.
(c)
Definition
In this section, the term “cyber device” means a device that—
(1)
includes software validated, installed, or authorized by the sponsor as a device or in a device;
(2)
has the ability to connect to the internet; and
(3)
contains any such technological characteristics validated, installed, or authorized by the sponsor that could be vulnerable to cybersecurity threats.
(d)
Exemption
(
June 25, 1938, ch. 675, § 524B
, as added
Pub. L. 117–328, div. FF, title III, § 3305(a)
,
Dec. 29, 2022
,
136 Stat. 5832
.)
cite as:
21 USC 360n-2
.list_box li,p,.cm-search-info,.cm-search-detail,.abt span,.expand-collapse_top
Get the CustomsMobile app!