Certification Program for Medical Device Manufacturers
The IEEE Medical Device Cybersecurity Certification Program has been developed by the IEEE 2621 Conformity Assessment Committee (CAC), composed of stakeholders such as manufacturers, clinicians, FDA, test laboratories, cybersecurity solutions providers, and industry associations from around the world.
This program offers a straightforward evaluation process with a clear definition of scope and test requirements specific to medical devices; with advantages over other programs:
- Pre-assessment of your medical device by an IEEE-recognized lab
- Testing using IEEE 2621 Test Plan and Checklists that remove ambiguity from the process
- Standardized report on testing results
- IEEE Certification Mark that helps manufacturers differentiate their products from competitors
- Certified products to be included in the IEEE Medical Device Registry
- Assistance with submission to regulatory bodies.
- Meets submission criteria for numerous national and extranational jurisdictions including USA and EU
FDA has designated IEEE 2621.2 a Recognized Consensus Standard. It is designed to align with national cybersecurity strategies released by numerous governments, including the U.S. The IEEE 2621 test and evaluation process addresses FDA’s most recent (June 2025) cybersecurity in medical devices considerations and Section 524B of the FD&C Act. IEEE 2621 is designed to align with national cybersecurity strategies released by numerous governments. Certification of a connected medical device to IEEE 2621 is intended to support device manufacturers’ premarket submissions, potentially decreasing the time to approval. As awareness of the need for diabetes device cybersecurity grows, the medical device industry will likely increasingly adopt this standard for regulatory compliance and product differentiation. IEEE is also actively extending this standard to other types of medical devices and industries.
Helping medical device developers meet regulatory requirements across the globe.
Already applied use cases include diabetes medical devices, such as:
- BGM (Blood Glucose Monitor)
- CGM (Continuous Glucose Monitor)
- Insulin pump and Insulin Pen
- Closed loop system / AID systems
However, the IEEE 2621 Series of standards have been designed to be extensible to all medical devices.
The IEEE Medical Device Cybersecurity Certification Program aids in:
- insights and adherence based on global, consensus-based industry standards
- knowledge of premarket submission criteria
- adherence to best practices
- identifying ways to make medical devices more secure
All From a Reputable Brand With Proven Processes
2023 SC Awards Finalists: Best Regulatory Compliance Solution
*This contest held by SC MEDIA – Cyberisk Alliance Resource bills itself as cybersecurity’s most prestigious award program honoring outstanding innovations, organizations and leaders that are advancing the practice of information security.
IEEE 2621 In the News
Growing Demand, Rising Risk: Securing Connected Diabetes Devices
Medical Product Outsourcing
Learn about the IEEE 2621 Series of Standards
Medical devices used for monitoring and managing diabetes provide life-saving benefits to patients and effective implementation options to healthcare professionals. With ever-increasing connectivity and data exchange there is an increased risk to the safety and privacy between devices. This standard will aid medical device manufacturers and users in managing cybersecurity risks.
IEEE 2621 standards conform to the requirements of ISO 15408 and it is made up of three specifications:
-
- IEEE 2621.1 – framework for a connected electronic product security evaluation program
- Assurance Levels: Basic, Enhanced-Basic, Moderate
- Lab Accreditation, Certification Criteria, and Assurance Maintenance
- IEEE 2621.2 – security requirements and protection profile
- Security threats/risks and functional requirements that counter these threats
- Protection profile
- IEEE 2621.3 – guidance for mobile devices in diabetes control contexts
- IEEE 2621.1 – framework for a connected electronic product security evaluation program
View recent IEEE 2621 article authored by Working Group members
Committee Members
Medical Device Cybersecurity Certification Registries
| Authorized Test Laboratory | Test Lab Locations | Standard | Test Suite | Test Report |
|---|---|---|---|---|
 |
Baltimore, Maryland
Barcelona, Spain Granada, Spain Madrid, Spain Ottawa, Canada |
IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance | IEEE 2621 Test Plan v1_1 |
IEEE Std 2621 Authorized Test Lab Checklist and Report
Applus+ c/o jtsec Beyond IT Security, S.L. dated 3 June 2025 |
 |
Princeton, New Jersey | IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance | IEEE 2621 Test Plan v1_1 | 505671-L2-03 dated 4 October 2024 |
 |
Selangor, Malaysia | IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance | IEEE 2621 Test Plan v1_0 | 505671-L2-02 dated 23 July 2024 |
 |
Austin, Texas
Danderyd, Sweden Munich, Germany |
IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance | IEEE 2621 Test Plan v1_0 | 505671-L2-01 dated 18 April 2023 |
Membership Fees
IEEE SA Entity Members receive a 10% discount on annual fees.
| Manufacturers, Solution Providers, End Users, Test Labs and Others | Annual Membership Fees |
|---|---|
| Corporations with more than $500 million annual revenue | $20,000 USD |
| $100 to $500 million annual revenue | $15,000 USD |
| $5 to $100 million annual revenue | $10,000 USD |
| Less than $5 million annual revenue, academic institutions, associations, nonprofits, government agencies | $5,000 USD |
Join the Committee
The certification program is being developed by the IEEE 2621 Conformity Assessment Committee (CAC), comprised of stakeholders, that will benefit users, manufacturers, clinicians, regulators, payers, and other potential beneficiaries.
Submit A Device
Fill out the enrollment form to get the certification process started.