Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · U.S. Code · Title 21 - FOOD AND DRUGS · CHAPTER 9— FEDERAL FOOD, DRUG, AND COSMETIC ACT · Part A— Drugs and Devices · § 360n–2

§ 360n–2. Ensuring cybersecurity of devices

864 words·~4 min read·/usc/title-21/section-360n-2

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

A person who submits an application or submission under section 360(k), 360c, 360e(c), 360e(f), or 360j(m) of this title for a device that meets the definition of a cyber device under this section shall include such information as the Secretary may require to ensure that such cyber device meets the cybersecurity requirements under subsection (b). The sponsor of an application or submission described in subsection
(a)shall— submit to the Secretary a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures; design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to the device and related systems to address— on a reasonably justified regular cycle, known unacceptable vulnerabilities; and as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks; provide to the Secretary a software bill of materials, including commercial, open-source, and off-the-shelf software components; and comply with such other requirements as the Secretary may require through regulation to demonstrate reasonable assurance that the device and related systems are cybersecure. In this section, the term “cyber device” means a device that— includes software validated, installed, or authorized by the sponsor as a device or in a device; has the ability to connect to the internet; and contains any such technological characteristics validated, installed, or authorized by the sponsor that could be vulnerable to cybersecurity threats. The Secretary may identify devices, or categories or types of devices, that are exempt from meeting the cybersecurity requirements established by this section and regulations promulgated pursuant to this section. The Secretary shall publish in the Federal Register, and update, as appropriate, a list of the devices, or categories or types of devices, so identified by the Secretary. ( June 25, 1938, ch. 675, § 524B , as added Pub. L. 117–328, div. FF, title III, § 3305(a) , Dec. 29, 2022 , 136 Stat. 5832 .)
Connections4 cite this · traces to 2
3 references not yet in our index
  • 136 Stat. 5832
  • 136 Stat. 5833
  • 136 Stat. 5834
Citation graph
cites case law
§ 360n–2
Ensuring cybersecurity of devices
Fed. Reg.×4
Pub. L.Public Law 117-328
U.S.C.§ 321
Stat.136 Stat. 5832
Stat.136 Stat. 5833
Stat.136 Stat. 5834
Cites 5Cited by 4 across 1 source
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.