The US Food and Drug Administration (FDA) has reissued its final guidance on medical device cybersecurity to reflect the agency’s transition from the Quality System Regulation (QSR) to the Quality System Management Regulation (QMSR). The updated FDA cybersecurity guidance was published on 4 February, just two days after the QMSR officially took effect. The revision updates regulatory references throughout the document and aligns cybersecurity expectations with the new quality system framework under 21 CFR Part 820, which now incorporates ISO 13485 by reference. 

According to the agency, the FDA cybersecurity guidance revisions were made under Level 2 guidance procedures. “Revisions issued [...