Medical Device Cybersecurity Regulatory Tracker

Medical Device Cybersecurity Regulatory Tracker - Blue Goat Cyber https://bluegoatcyber.com/news/regulatory-tracker FDA, CISA, AAMI, EU, and supply-chain regulatory changes that affect medical device cybersecurity submissions and postmarket programs - dated, summarized, with action items. en-us Fri, 05 Jun 2026 00:00:00 GMT [EU Commission] EU Cyber Resilience Act becomes fully applicable https://bluegoatcyber.com/news/regulatory-tracker/eu-cra-applies-2027-12-11 https://bluegoatcyber.com/news/regulatory-tracker/eu-cra-applies-2027-12-11 Sat, 11 Dec 2027 00:00:00 GMT EU Commission Scheduled High impact [Red Hat] RHEL 7 Extended Life Support ends - legacy device fleets need a memo https://bluegoatcyber.com/news/regulatory-tracker/rhel-7-els-end-2026-06 https://bluegoatcyber.com/news/regulatory-tracker/rhel-7-els-end-2026-06 Tue, 30 Jun 2026 00:00:00 GMT Red Hat Scheduled High impact [CISA] CISA adds Linux kernel netfilter use-after-free to KEV (CVE-2026-0511) https://bluegoatcyber.com/news/regulatory-tracker/cisa-kev-linux-netfilter-2026-04 https://bluegoatcyber.com/news/regulatory-tracker/cisa-kev-linux-netfilter-2026-04 Wed, 22 Apr 2026 00:00:00 GMT CISA Active High impact [CISA] CISA adds widely embedded BLE pairing bypass to the KEV https://bluegoatcyber.com/news/regulatory-tracker/cisa-kev-ble-pairing-bypass-2026-04 https://bluegoatcyber.com/news/regulatory-tracker/cisa-kev-ble-pairing-bypass-2026-04 Wed, 15 Apr 2026 00:00:00 GMT CISA Active High impact [AAMI] ANSI/AAMI SW96 Amendment 1 draft circulated for member review https://bluegoatcyber.com/news/regulatory-tracker/aami-sw96-amendment-1-draft-2026-03 https://bluegoatcyber.com/news/regulatory-tracker/aami-sw96-amendment-1-draft-2026-03 Tue, 31 Mar 2026 00:00:00 GMT AAMI Draft Medium impact [FDA] FDA postmarket cybersecurity 'update letter' cadence increases https://bluegoatcyber.com/news/regulatory-tracker/fda-postmarket-2025-update-letter-trend https://bluegoatcyber.com/news/regulatory-tracker/fda-postmarket-2025-update-letter-trend Wed, 18 Mar 2026 00:00:00 GMT FDA Active Medium impact [FDA] FDA finalizes 2026 premarket cybersecurity guidance https://bluegoatcyber.com/news/regulatory-tracker/fda-2026-premarket-cybersecurity-guidance-finalized https://bluegoatcyber.com/news/regulatory-tracker/fda-2026-premarket-cybersecurity-guidance-finalized Tue, 03 Feb 2026 00:00:00 GMT FDA Active High impact [FDA] FDA 2023 premarket cybersecurity guidance superseded https://bluegoatcyber.com/news/regulatory-tracker/fda-2023-premarket-guidance-superseded https://bluegoatcyber.com/news/regulatory-tracker/fda-2023-premarket-guidance-superseded Tue, 03 Feb 2026 00:00:00 GMT FDA Withdrawn Medium impact [FDA] FDA Quality Management System Regulation (QMSR) takes effect https://bluegoatcyber.com/news/regulatory-tracker/fda-qmsr-effective-2026-02-02 https://bluegoatcyber.com/news/regulatory-tracker/fda-qmsr-effective-2026-02-02 Mon, 02 Feb 2026 00:00:00 GMT FDA Active High impact [CycloneDX] CycloneDX 1.6.1 errata clarifies VEX status semantics https://bluegoatcyber.com/news/regulatory-tracker/cyclonedx-1-6-1-errata-vex-2026-01 https://bluegoatcyber.com/news/regulatory-tracker/cyclonedx-1-6-1-errata-vex-2026-01 Thu, 08 Jan 2026 00:00:00 GMT CycloneDX Active Medium impact [ISO/IEC] ISO/IEC 27001:2022 transition deadline passes https://bluegoatcyber.com/news/regulatory-tracker/iso-iec-27001-2022-transition-2025-10-31 https://bluegoatcyber.com/news/regulatory-tracker/iso-iec-27001-2022-transition-2025-10-31 Fri, 31 Oct 2025 00:00:00 GMT ISO/IEC Active Medium impact [CISA] CISA Secure by Design pledge expanded with VEX publication expectation https://bluegoatcyber.com/news/regulatory-tracker/cisa-secure-by-design-pledge-vex-2025-10 https://bluegoatcyber.com/news/regulatory-tracker/cisa-secure-by-design-pledge-vex-2025-10 Tue, 21 Oct 2025 00:00:00 GMT CISA Active Medium impact [MDCG (EU)] MDCG 2019-16 Rev. 2 - cybersecurity expectations for MDR/IVDR submissions https://bluegoatcyber.com/news/regulatory-tracker/mdcg-2019-16-rev2-applies https://bluegoatcyber.com/news/regulatory-tracker/mdcg-2019-16-rev2-applies Tue, 01 Jul 2025 00:00:00 GMT MDCG (EU) Active High impact [HHS 405(d)] HHS 405(d) HICP 2025 edition updates medical device practices https://bluegoatcyber.com/news/regulatory-tracker/hhs-405d-hicp-2025-edition https://bluegoatcyber.com/news/regulatory-tracker/hhs-405d-hicp-2025-edition Tue, 01 Apr 2025 00:00:00 GMT HHS 405(d) Active Medium impact [FDA] FDA finalizes Predetermined Change Control Plans (PCCP) guidance https://bluegoatcyber.com/news/regulatory-tracker/fda-pccp-final-guidance-2024-12 https://bluegoatcyber.com/news/regulatory-tracker/fda-pccp-final-guidance-2024-12 Wed, 04 Dec 2024 00:00:00 GMT FDA Active High impact [NIST] NIST SP 800-216 - federal CVD recommendations finalized https://bluegoatcyber.com/news/regulatory-tracker/nist-sp-800-216-cvd-final-2024-05 https://bluegoatcyber.com/news/regulatory-tracker/nist-sp-800-216-cvd-final-2024-05 Thu, 30 May 2024 00:00:00 GMT NIST Active Medium impact [SPDX (Linux Foundation)] SPDX 3.0 final published - adds AI and dataset profiles https://bluegoatcyber.com/news/regulatory-tracker/spdx-3-0-published-2024-04 https://bluegoatcyber.com/news/regulatory-tracker/spdx-3-0-published-2024-04 Mon, 15 Apr 2024 00:00:00 GMT SPDX (Linux Foundation) Active Medium impact [NIST] NIST Cybersecurity Framework 2.0 published https://bluegoatcyber.com/news/regulatory-tracker/nist-csf-2-0-published-2024-02-26 https://bluegoatcyber.com/news/regulatory-tracker/nist-csf-2-0-published-2024-02-26 Mon, 26 Feb 2024 00:00:00 GMT NIST Active Medium impact [FDA] FD&C Act Section 524B - cyber device requirements in effect https://bluegoatcyber.com/news/regulatory-tracker/fda-section-524b-effective-2023-03-29 https://bluegoatcyber.com/news/regulatory-tracker/fda-section-524b-effective-2023-03-29 Wed, 29 Mar 2023 00:00:00 GMT FDA Active High impact [IEC] IEC 81001-5-1 - secure software lifecycle for health software https://bluegoatcyber.com/news/regulatory-tracker/iec-81001-5-1-edition-1-active https://bluegoatcyber.com/news/regulatory-tracker/iec-81001-5-1-edition-1-active Wed, 01 Dec 2021 00:00:00 GMT IEC Active High impact