IEEE Medical Device Cybersecurity Certification Program

With connected devices, telehealth, and remote patient monitoring becoming more widely used, there is an increasing risk of cybersecurity threats. Managing these vulnerabilities can be challenging. It is crucial for device manufacturers, clinicians, hospitals, and testing organizations to work collaboratively to create a safe and interoperable health care environment. The development of standards and adherence to an industry adopted conformity assessment program can help reduce these risks and demonstrate the product’s adheres to guidelines.

Certification Program for Medical Device Manufacturers

The IEEE Medical Device Cybersecurity Certification Program has been developed by the IEEE 2621 Conformity Assessment Committee (CAC), composed of stakeholders such as manufacturers, clinicians, FDA, test laboratories, cybersecurity solutions providers, and industry associations from around the world.

This program offers a straightforward evaluation process with a clear definition of scope and test requirements specific to medical devices; with advantages over other programs:

Pre-assessment of your medical device by an IEEE approved lab
Testing using IEEE 2621 Test Plan and Checklists that remove ambiguity from the process
Standardized report on testing results
IEEE Certification Mark that helps manufacturers differentiate their products from competitors
Certified products to be included in the IEEE Medical Device Registry
Assistance with submission to regulatory bodies.
Meets FDA submission criteria

IEEE 2621 Standards have been recognized by the FDA and are expected to align with the new National Cybersecurity Strategy released by the Biden-Harris administration. The IEEE 2621 certification has been augmented by adding two Inspection Checklists based on IEC 80001-5-1 and IEC/AAMI TIR57. They cover Software Security Lifecycle and Risk Management Assessment respectively. Together they match all functionalities of UL 2900 and meet FDA’s submission requirements. As awareness of the need for diabetes device cybersecurity grows, the medical device industry will likely increasingly adopt these standards for regulatory compliance and product differentiation. IEEE has also been actively planning to extend the standards to other types of medical devices and industries.

Helping medical device developers meet regulatory requirements across the globe.

Conformity assessment programs are the best way to demonstrate to users that connected devices conform to the IEEE 2621™ Series of standards and IEEE 2621 Test Plan. In addition, the IEEE Medical Device Cybersecurity Certification includes Inspection Checklists based on IEC 80001-5-1 and IEC/AAMI TIR57, covering Software Security Lifecycle and Risk Management Assessment respectively and fully meet the Federal Food, Drug, and Cosmetic Act (FD&C Act) Section 524B, Ensuring Cybersecurity of Devices (section 3305).

Already applied use cases include diabetes medical devices, such as:

BGM (Blood Glucose Monitor)
CGM (Continuous Glucose Monitor)
Insulin pump and Insulin Pen
Closed loop system / AID systems

However, the IEEE 2621 Series of standards have been designed to be extensible to all medical devices.

The IEEE Medical Device Cybersecurity Certification Program aids in:

insights and adherence based on global, consensus-based industry standards
knowledge of FDA submission criteria
adherence to best practices
identifying ways to mitigate cyber attacks

All From a Reputable Brand With Proven Processes

IEEE 2621: Cybersecurity Standard for Diabetes Devices

Voted in to the top 5 Regulatory Compliance Solution category
2023 SC Awards Finalists: Best Regulatory Compliance Solution
*This contest held by SC MEDIA – Cyberisk Alliance Resource bills itself as cybersecurity’s most prestigious award program honoring outstanding innovations, organizations and leaders that are advancing the practice of information security.

Learn about the IEEE 2621 Series of Standards

Medical devices used for monitoring and managing diabetes provide life-saving benefits to patients and effective implementation options to healthcare professionals. With ever-increasing connectivity and data exchange there is an increased risk to the safety and privacy between devices. This standard will aid medical device manufacturers and users in managing cybersecurity risks.

IEEE 2621 standards conform to the requirements of ISO 15408 and it is made up of three specifications:

1. IEEE 2621.1 – framework for a connected electronic product security evaluation program
  - Assurance Levels: Basic, Enhanced-Basic, Moderate
  - Lab Accreditation, Certification Criteria, and Assurance Maintenance
2. IEEE 2621.2 – security requirements and protection profile
  - Security threats/risks and functional requirements that counter these threats
  - Protection profile
3. IEEE 2621.3 – guidance for mobile devices in diabetes control contexts

View recent IEEE 2621 article authored by Working Group members

Committee Members

Medical Device Cybersecurity Certification Registries

Approved Products

Company	Product Name	Model Number	Standard	Test Suite	Assurance Package	Certification Date
Ascensia Diabetes Care Holdings AG	Lightning – Contour Next	GM-7901H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Ascensia Diabetes Care Holdings AG	Lightning – Contour Next	GM-7922H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Ascensia Diabetes Care US, Inc.	Lightning – Contour Next GEN	GM-7902H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Ascensia Diabetes Care Holdings AG	Lightning – Contour Plus ELITE	GM-7926H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Ascensia Diabetes Care Holdings AG	Thunder – Contour Care	GM-7951H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Ascensia Diabetes Care Holdings AG	Thunder – Contour Plus BLUE	GM-9267H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Ascensia Diabetes Care US, Inc.	Thunder – Contour Plus BLUE	GM-9268H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Ascensia Diabetes Care Holdings AG	Thunder – Contour Fit	GM-7976H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Ascensia Diabetes Care US, Inc.	Thunder – Contour Fit	GM-7977H	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	13 Dec 2023
Abbott Diabetes Care Inc.	Abbott Libre 3 Reader	NXP Version 1.0.09	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	IEEE 2621 Enhanced Basic	23 Dec 2023

Test Labs

Authorized Test Laboratory	Test Lab Locations	Standard	Test Suite	Test Report
	Austin, Texas Danderyd, Sweden Munich, Germany	IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance	IEEE 2621 Test Plan v1_0	505671-L2-01 dated 18 April 2023

Join the Committee

The certification program is being developed by the IEEE 2621 Conformity Assessment Committee (CAC), comprised of stakeholders, that will benefit users, manufacturers, clinicians, regulators, payers, and other potential beneficiaries.

Join the Committee Now

Submit A Device

Fill out the enrollment form to get the certification process started.

Enroll Now