Cybersecurity Design Controls: Evidence that cybersecurity has been considered in the device’s design, including the implementation of necessary security features must be supplied.

Software Bill of Materials (SBOM): A detailed list of all software components, including third-party and open-source elements, to facilitate vulnerability management must be provided.

Postmarket Management: Processes to monitor, identify, and address cybersecurity vulnerabilities postmarket must be established.

Vulnerability Management & Remediation: Proof of vulnerability triaging must be evident in submissions.