Manifest, the leader in software supply chain cybersecurity and software bills of materials (SBOM) management, has signed a three-year agreement with a leading medical device manufacturer for a software-as-a-service (SaaS) subscription to its flagship SBOM management capability. The contract was awarded after thorough market research and a competitive “bake-off” process.

The customer, a publicly traded corporation delivering billions of dollars of medical devices to market annually, specifically sought an SBOM management capability to address the FDA’s new Cybersecurity in Medical Devices guidance. It conducted market research across the SBOM management industry and ran a multi-month evaluation of multiple solutions.

“We at Manifest are grateful for the opportunity to serve those who keep us healthy and safe,” says Marc Frankel, Chief Executive Officer at Manifest. “This new contract expands our position in the healthcare space, and we are pleased that we were able to demonstrate the power of our industry-leading SBOM management platform through this competitive process. Product Security and Compliance teams ought to be able to automate as much of their SBOM management as possible, and we’re proud to be able to deliver that to those who safeguard our health and well-being.”

Regulation and Requirements for Medical Device Manufacturers (MDMs)
The recent FDA guidance, specifically 524B(b)(3), “requires manufacturers of cyber devices to provide an SBOM, including commercial, open-source, and off-the-shelf software components.” These SBOMs should (1) meet NTIA specifications, (2) identify software components with vulnerabilities, including those in CISA’s Known Exploited Vulnerabilities catalog, (3) demonstrate safety and security risk assessments, and (4) share information regarding support dates and levels of support.

Source: Company Press Release