Manufacturers of medical devices must now show regulators when they apply to the FDA for authorization that they can monitor and address cybersecurity threats once products are on the market.

The new policies — part of the omnibus spending package passed late last year — are outlined in guidance published this week and include a requirement to provide the FDA a “software bill of materials,” which could help device makers be prepared to respond in the event of an attack.