Standards, Guidance & Notices
Showing 1–2 of 2
MHLW
Notice
Notice
MHLW-PFSB-MDED-0328-No.1
Guidance on Vulnerability Management to Ensure Cybersecurity of Medical Devices
Notice on post-market vulnerability management framework. Requires manufacturers/distributors to integrate vulnerability monitoring, evaluation, response, and disclosure processes (including SBOM utilization) into quality management systems. Mandates establishment of PSIRT structure, clear vulnerability notification policies to customers, and practical end-of-life support management procedures.
Published: 2024-03-28
IMDRF
IMDRF/CYBER WG/N73FINAL:2023
Principles and Practices for Software Bill of Materials (SBOM) in Medical Device Cybersecurity (FINAL 2023)
This document specifies IMDRF guidance on creating, managing, and sharing Software Bill of Materials (SBOM) for medical devices. It defines minimum SBOM elements, acceptable formats, and lifecycle management approaches necessary for effective cybersecurity management. Manufacturers should develop and maintain accurate SBOMs documenting all software components and dependencies throughout product lifecycle. The document provides the practical foundation for FDA 2023 final guidance SBOM submission requirements and supports implementation of Japan's vulnerability management notification requirements from the Ministry of Health, Labour and Welfare. SBOMs enable manufacturers, regulators, and healthcare organizations to identify and respond rapidly to software vulnerabilities affecting medical devices.
Published: 2023-04-01