Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; Guidance for Industry and Food and Drug Administration Staff; Availability, 59493-59494 [2014-23457]
Download as PDF
<![CDATA[
Federal Register / Vol. 79, No. 191 / Thursday, October 2, 2014 / Notices
The meeting will be held on
October 27th, 2014 from 9 a.m. to 5 p.m.
EDT.
ADDRESSES: The meeting will be held in
Room 800 in the Hubert H. Humphrey
Building, 200 Independence Avenue
SW., Washington, DC 20201.
Comments: Time is allocated midmorning on the agenda to hear public
comments. The time for oral comments
will be limited to two (2) minutes per
individual. In lieu of oral comments,
formal written comments may be
submitted for the record to Rohini
Khillan, OASPE, 200 Independence
Avenue SW., Room 424E, Washington,
DC 20201. Comments may also be sent
to napa@hhs.gov. Those submitting
written comments should identify
themselves and any relevant
organizational affiliations.
FOR FURTHER INFORMATION: Rohini
Khillan (202) 690–5932, rohini.khillan@
hhs.gov. Note: Seating may be limited.
Those wishing to attend the meeting
must send an email to napa@hhs.gov
and put ‘‘October 27 Meeting
Attendance’’ in the Subject line by
Friday, October 17, so that their names
may be put on a list of expected
attendees and forwarded to the security
officers at the Department of Health and
Human Services. Any interested
member of the public who is a non-U.S.
citizen should include this information
at the time of registration to ensure that
the appropriate security procedure to
gain entry to the building is carried out.
Although the meeting is open to the
public, procedures governing security
and the entrance to Federal buildings
may change without notice. If you wish
to make a public comment, you must
note that within your email.
SUPPLEMENTARY INFORMATION: Notice of
these meetings is given under the
Federal Advisory Committee Act (5
U.S.C. App. 2, section 10(a)(1) and
(a)(2)). Topics of the Meeting: The
Advisory Council will hear
presentations on the basics of long-term
care, including presentations on
programs, settings, and payers. The
Council will use a portion of the
meeting to review the work it has
accomplished thus far towards the 2025
goals, and then discuss the process for
developing recommendations for the
2015 update to the National Plan. The
Council will also hear presentations
from the three subcommittees (Research,
Clinical Care, Long-Term Services and
Supports, and Ethics).
Procedure and Agenda: This meeting
is open to the public. Please allow 30
minutes to go through security and walk
to the meeting room. The meeting will
also be webcast at www.hhs.gov/live .
tkelley on DSK3SPTVN1PROD with NOTICES
DATES:
VerDate Sep<11>2014
17:04 Oct 01, 2014
Jkt 235001
Authority: 42 U.S.C. 11225; Section 2(e)(3)
of the National Alzheimer’s Project Act. The
panel is governed by provisions of Public
Law 92–463, as amended (5 U.S.C. Appendix
2), which sets forth standards for the
formation and use of advisory committees.
Dated: September 22, 2014.
Richard G. Frank,
Assistant Secretary for Planning and
Evaluation.
[FR Doc. 2014–23411 Filed 10–1–14; 8:45 am]
BILLING CODE 4150–28–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
[Docket No. FDA–2013–D–0616]
Content of Premarket Submissions for
Management of Cybersecurity in
Medical Devices; Guidance for
Industry and Food and Drug
Administration Staff; Availability
AGENCY:
Food and Drug Administration,
HHS.
ACTION:
Notice.
The Food and Drug
Administration (FDA) is announcing the
availability of the guidance entitled
‘‘Content of Premarket Submissions for
Management of Cybersecurity in
Medical Devices.’’ This guidance
identifies cybersecurity issues that
manufacturers should consider in
preparing premarket submissions for
medical devices in order to maintain
information confidentiality, integrity,
and availability.
DATES: Submit either electronic or
written comments on this guidance at
any time. General comments on Agency
guidance documents are welcome at any
time.
ADDRESSES: An electronic copy of the
guidance document is available for
download from the Internet. See the
SUPPLEMENTARY INFORMATION section for
information on electronic access to the
guidance. Submit written requests for
single copies of the guidance document
entitled ‘‘Content of Premarket
Submissions for Management of
Cybersecurity in Medical Devices’’ to
the Office of the Center Director,
Guidance and Policy Development,
Center for Devices and Radiological
Health, Food and Drug Administration,
10903 New Hampshire Ave., Bldg. 66,
rm. 5431, Silver Spring, MD 20993–
0002 or the Office of Communication,
Outreach and Development, Center for
Biologics Evaluation and Research,
Food and Drug Administration, 10903
New Hampshire Ave. Bldg. 71, rm.
3128, Silver Spring, MD 20993–0002.
SUMMARY:
PO 00000
Frm 00021
Fmt 4703
Sfmt 4703
59493
Send one self-addressed adhesive label
to assist that office in processing your
request.
Submit electronic comments on the
guidance to https://www.regulations.gov.
Submit written comments to the
Division of Dockets Management (HFA–
305), Food and Drug Administration,
5630 Fishers Lane, rm. 1061, Rockville,
MD 20852. Identify comments with the
docket number found in brackets in the
heading of this document.
FOR FURTHER INFORMATION CONTACT:
Abiy Desta, Center for Devices and
Radiological Health, Food and Drug
Administration, 10903 New Hampshire
Ave., Bldg. 66, rm. 1682, Silver Spring,
MD 20993–0002, 301–796–0293,
Abiy.Desta@fda.hhs.gov; or Stephen
Ripley, Center for Biologics Evaluation
and Research, Food and Drug
Administration, 10903 New Hampshire
Ave., Bldg. 71, rm. 7301, Silver Spring,
MD 20993, 240–402–7911.
SUPPLEMENTARY INFORMATION:
I. Background
This guidance provides
recommendations to consider and
document in FDA medical device
premarket submissions to provide
effective cybersecurity management and
to reduce the risk that device
functionality is intentionally or
unintentionally compromised. The need
for effective cybersecurity to assure
medical device functionality has
become more important with the
increasing use of wireless, Internet- and
network-connected devices and the
frequent electronic exchange of medical
device-related health information.
In the Federal Register of June 14,
2013 (78 FR 35940), FDA announced the
availability of the draft guidance
document. Interested persons were
invited to comment by September 12,
2013. Multiple comments were received
and in response to these comments,
FDA revised the guidance document
and policies as appropriate to clarify the
types of cybersecurity issues that
manufacturers should consider in
preparing premarket submissions for
medical devices in order to maintain
information confidentiality, integrity,
and availability.
II. Significance of Guidance
This guidance is being issued
consistent with FDA’s good guidance
practices regulation (21 CFR 10.115).
This guidance represents the Agency’s
current thinking on management of
cybersecurity in medical devices. It does
not create or confer any rights for or on
any person and does not operate to bind
FDA or the public. An alternative
E:\FR\FM\02OCN1.SGM
02OCN1
59494
Federal Register / Vol. 79, No. 191 / Thursday, October 2, 2014 / Notices
Dated: September 26, 2014.
Leslie Kux,
Assistant Commissioner for Policy.
III. Electronic Access
Persons interested in obtaining a copy
of the guidance may do so by using the
Internet. A search capability for all
Center for Devices and Radiological
Health guidance documents is available
at https://www.fda.gov/MedicalDevices/
DeviceRegulationandGuidance/
GuidanceDocuments/default.htm.
Guidance documents are also available
at https://www.regulations.gov or https://
www.fda.gov/BiologicsBloodVaccines/
GuidanceComplianceRegulatory
Information/Guidances/default.htm.
Persons unable to download an
electronic copy of ‘‘Content of
Premarket Submissions for Management
of Cybersecurity in Medical Devices,’’
may send an email request to CDRHGuidance@fda.hhs.gov to receive an
electronic copy of the document. Please
use the document number 1825 to
identify the guidance you are
requesting.
[FR Doc. 2014–23457 Filed 10–1–14; 8:45 am]
IV. Paperwork Reduction Act of 1995
This guidance refers to previously
approved collections of information
found in FDA regulations. These
collections of information are subject to
review by the Office of Management and
Budget (OMB) under the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501–
3520). The collections of information in
21 CFR part 807, subpart E, have been
approved under OMB control number
0910–0120; the collections of
information in 21 CFR part 812 have
been approved under OMB control
number 0910–0078; the collections of
information in 21 CFR part 814 have
been approved under OMB control
number 0910–0231; the collections of
information in 21 CFR part 814, subpart
H, have been approved under OMB
control number 0910–0332; and the
collections of information in 21 CFR
part 820 have been approved under
OMB control number 0910–0073.
tkelley on DSK3SPTVN1PROD with NOTICES
approach may be used if such approach
satisfies the requirements of the
applicable statute and regulations.
The Common Data Platform (CDP)
includes new instruments for the
Substance Abuse and Mental Health
Services Administration (SAMHSA).
The CDP will replace separate data
collection instruments used for
reporting Government Performance and
Results Act of 1993 (GPRA) measures:
The TRansformation ACcountability
(TRAC) Reporting System (OMB No.
0930–0285) used by the Center for
Mental Health Services (CMHS); the
Prevention Management Reporting and
Training System (PMRTS—OMB No.
0930–0279) used by the Center for
Substance Abuse Prevention (CSAP);
and the Services Accountability and
Improvement System (SAIS—OMB No.
0930–0208) used by the Center for
Substance Abuse Treatment (CSAT).
The CDP will also include two
grantee-level data collection forms
approved by consensus of offices and
Centers within SAMHSA as well as the
Department of Health and Human
Services (HHS): the Infrastructure,
Prevention, and Mental Health
Promotion (IPP) Form used by a subset
of CMHS grantees and the Aggregate
Tool used by CSAT’s Addiction
Technology Transfer Center (ATCC)
grantees.
Approval of this information
collection will allow SAMHSA to
continue to meet Government
Performance and Results Modernization
Act of 2010 (GPRAMA) reporting
requirements and analyses of the data
will help SAMHSA determine whether
progress is being made in achieving its
V. Comments
Interested persons may submit either
electronic comments regarding this
document to https://www.regulations.gov
or written comments to the Division of
Dockets Management (see ADDRESSES). It
is only necessary to send one set of
comments. Identify comments with the
docket number found in brackets in the
heading of this document. Received
comments may be seen in the Division
of Dockets Management between 9 a.m.
and 4 p.m., Monday through Friday, and
will be posted to the docket at https://
www.regulations.gov.
VerDate Sep<11>2014
17:04 Oct 01, 2014
Jkt 235001
BILLING CODE 4164–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Substance Abuse and Mental Health
Services Administration
Agency Information Collection
Activities: Submission for OMB
Review; Comment Request
Periodically, the Substance Abuse and
Mental Health Services Administration
(SAMHSA) will publish a summary of
information collection requests under
OMB review, in compliance with the
Paperwork Reduction Act (44 U.S.C.
Chapter 35). To request a copy of these
documents, call the SAMHSA Reports
Clearance Officer on (240) 276–1243.
Project: Common Data Platform (CDP)—
NEW
PO 00000
Frm 00022
Fmt 4703
Sfmt 4703
mission. The primary purpose of this
data collection system is to promote the
use of common data elements among
SAMHSA grantees and contractors. The
common elements were recommended
by consensus among SAMHSA Centers
and Offices. Analyses of these data will
allow SAMHSA to quantify effects and
accomplishments of its discretionary
grant programs which are consistent
with the OMB-approved GPRA
measures and address goals and
objectives outlined in the Office of
National Drug Control Policy’s
Performance Measures of Effectiveness
and the SAMHSA Strategic Initiatives.
The CDP will be a real-time,
performance management system that
captures information on substance
abuse treatment and prevention and
mental health services delivered in the
United States. A wide range of client
and program information will be
captured through CDP for
approximately 3,000 grants (2,224 for
CMHS; 642 for CSAT; 122 for CSAP;
and 33 for HIV Continuum of Care).
Substance abuse treatment facilities,
mental health service providers, and
substance abuse prevention programs
will submit their data in real-time or on
a monthly or a weekly basis to ensure
that the CDP is an accurate, up-to-date
reflection on the scope of services
delivered and characteristics of the
clients.
In order to carry out section 1105(a)
(29) of GPRA, SAMHSA is required to
prepare a performance plan for its major
programs of activity. This plan must:
• Establish performance goals to
define the level of performance to be
achieved by a program activity;
• Express such goals in an objective,
quantifiable, and measurable form;
• Briefly describe the operational
processes, skills and technology, and
the human, capital, information, or
other resources required to meet the
performance goals;
• Establish performance indicators to
be used in measuring or assessing the
relevant outputs, service levels, and
outcomes of each program activity;
• Provide a basis for comparing actual
program results with the established
performance goals; and
• Describe the means to be used to
verify and validate measured values.
This CDP data collection supports the
GPRAMA, which requires overall
organization management to improve
agency performance and achieve the
mission and goals of the agency through
the use of strategic and performance
planning, measurement, analysis,
regular assessment of progress, and use
of performance information to improve
the results achieved. Specifically, this
E:\FR\FM\02OCN1.SGM
02OCN1
]]>Agencies
[Federal Register Volume 79, Number 191 (Thursday, October 2, 2014)]
[Notices]
[Pages 59493-59494]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-23457]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Food and Drug Administration
[Docket No. FDA-2013-D-0616]
Content of Premarket Submissions for Management of Cybersecurity
in Medical Devices; Guidance for Industry and Food and Drug
Administration Staff; Availability
AGENCY: Food and Drug Administration, HHS.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Food and Drug Administration (FDA) is announcing the
availability of the guidance entitled ``Content of Premarket
Submissions for Management of Cybersecurity in Medical Devices.'' This
guidance identifies cybersecurity issues that manufacturers should
consider in preparing premarket submissions for medical devices in
order to maintain information confidentiality, integrity, and
availability.
DATES: Submit either electronic or written comments on this guidance at
any time. General comments on Agency guidance documents are welcome at
any time.
ADDRESSES: An electronic copy of the guidance document is available for
download from the Internet. See the SUPPLEMENTARY INFORMATION section
for information on electronic access to the guidance. Submit written
requests for single copies of the guidance document entitled ``Content
of Premarket Submissions for Management of Cybersecurity in Medical
Devices'' to the Office of the Center Director, Guidance and Policy
Development, Center for Devices and Radiological Health, Food and Drug
Administration, 10903 New Hampshire Ave., Bldg. 66, rm. 5431, Silver
Spring, MD 20993-0002 or the Office of Communication, Outreach and
Development, Center for Biologics Evaluation and Research, Food and
Drug Administration, 10903 New Hampshire Ave. Bldg. 71, rm. 3128,
Silver Spring, MD 20993-0002. Send one self-addressed adhesive label to
assist that office in processing your request.
Submit electronic comments on the guidance to https://www.regulations.gov. Submit written comments to the Division of Dockets
Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane,
rm. 1061, Rockville, MD 20852. Identify comments with the docket number
found in brackets in the heading of this document.
FOR FURTHER INFORMATION CONTACT: Abiy Desta, Center for Devices and
Radiological Health, Food and Drug Administration, 10903 New Hampshire
Ave., Bldg. 66, rm. 1682, Silver Spring, MD 20993-0002, 301-796-0293,
Abiy.Desta@fda.hhs.gov; or Stephen Ripley, Center for Biologics
Evaluation and Research, Food and Drug Administration, 10903 New
Hampshire Ave., Bldg. 71, rm. 7301, Silver Spring, MD 20993, 240-402-
7911.
SUPPLEMENTARY INFORMATION:
I. Background
This guidance provides recommendations to consider and document in
FDA medical device premarket submissions to provide effective
cybersecurity management and to reduce the risk that device
functionality is intentionally or unintentionally compromised. The need
for effective cybersecurity to assure medical device functionality has
become more important with the increasing use of wireless, Internet-
and network-connected devices and the frequent electronic exchange of
medical device-related health information.
In the Federal Register of June 14, 2013 (78 FR 35940), FDA
announced the availability of the draft guidance document. Interested
persons were invited to comment by September 12, 2013. Multiple
comments were received and in response to these comments, FDA revised
the guidance document and policies as appropriate to clarify the types
of cybersecurity issues that manufacturers should consider in preparing
premarket submissions for medical devices in order to maintain
information confidentiality, integrity, and availability.
II. Significance of Guidance
This guidance is being issued consistent with FDA's good guidance
practices regulation (21 CFR 10.115). This guidance represents the
Agency's current thinking on management of cybersecurity in medical
devices. It does not create or confer any rights for or on any person
and does not operate to bind FDA or the public. An alternative
[[Page 59494]]
approach may be used if such approach satisfies the requirements of the
applicable statute and regulations.
III. Electronic Access
Persons interested in obtaining a copy of the guidance may do so by
using the Internet. A search capability for all Center for Devices and
Radiological Health guidance documents is available at https://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/default.htm. Guidance documents are also available at
https://www.regulations.gov or https://www.fda.gov/BiologicsBloodVaccines/GuidanceComplianceRegulatoryInformation/Guidances/default.htm. Persons unable to download an electronic copy of
``Content of Premarket Submissions for Management of Cybersecurity in
Medical Devices,'' may send an email request to CDRH-Guidance@fda.hhs.gov to receive an electronic copy of the document.
Please use the document number 1825 to identify the guidance you are
requesting.
IV. Paperwork Reduction Act of 1995
This guidance refers to previously approved collections of
information found in FDA regulations. These collections of information
are subject to review by the Office of Management and Budget (OMB)
under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520). The
collections of information in 21 CFR part 807, subpart E, have been
approved under OMB control number 0910-0120; the collections of
information in 21 CFR part 812 have been approved under OMB control
number 0910-0078; the collections of information in 21 CFR part 814
have been approved under OMB control number 0910-0231; the collections
of information in 21 CFR part 814, subpart H, have been approved under
OMB control number 0910-0332; and the collections of information in 21
CFR part 820 have been approved under OMB control number 0910-0073.
V. Comments
Interested persons may submit either electronic comments regarding
this document to https://www.regulations.gov or written comments to the
Division of Dockets Management (see ADDRESSES). It is only necessary to
send one set of comments. Identify comments with the docket number
found in brackets in the heading of this document. Received comments
may be seen in the Division of Dockets Management between 9 a.m. and 4
p.m., Monday through Friday, and will be posted to the docket at https://www.regulations.gov.
Dated: September 26, 2014.
Leslie Kux,
Assistant Commissioner for Policy.
[FR Doc. 2014-23457 Filed 10-1-14; 8:45 am]
BILLING CODE 4164-01-P
