The FDA Wants to Know: Is Your Software Still Supported?

Why Component Support Status Is the Hardest Part of Medical Device SBOMs

If you're a medical device manufacturer preparing a premarket cybersecurity submission, you've likely heard that the FDA now requires a Software Bill of Materials (SBOM). What you may not realize is that the SBOM itself is just the beginning. Since October 2023, the FDA has been actively enforcing requirements that go far beyond listing the software components in your device. They want to know whether those components are still being taken care of.

This article breaks down what the FDA actually requires for component support status, why it's surprisingly difficult to get right, and what practical approaches exist today.