Regulatory Drivers:

The FDA has published several documents that outline their guidance on activities that manufacturers should take with medical devices that contain software and can be connected to IT networks through wired or wireless connections such as WiFi, Bluetooth, and even with plain old Cat 5 cable.

Included in these guidance documents is information which the FDA is expecting to be included in new 510(k) submissions of medical devices with software and network connections.


The UL 2900 series of standards consists of the following parts, under the general title ‘Standard for Software Cybersecurity for Network-Connectable Devices’:

  • Part 1: General Requirements for Network-Connectable Devices
  • Part 2-1: Particular Requirements for Healthcare Systems
  • Part 2-2: Particular Requirements for Industrial Control Systems
  • Part 3: General Requirements for the Organization and Product Development Security Lifecycle Processes for Network-Connectable Devices


We can do several types of tests and issue an informative report, including:

  • Known vulnerability scanning
  • Fuzz testing
  • Malware scanning
  • Static Code Analysis
  • Software Weakness evaluation
  • Security controls evaluation
  • FIPS 140-2 Level 2 testing