80 FR 76022 - Moving Forward: Collaborative Approaches to Medical Device Cybersecurity; Public Workshop; Request for Comments

DEPARTMENT OF HEALTH AND HUMAN SERVICES
Food and Drug Administration

Federal Register Volume 80, Issue 234 (December 7, 2015)

Page Range: 76022-76025
FR Document: 2015-30772

[Federal Register Volume 80, Number 234 (Monday, December 7, 2015)]
[Notices]
[Pages 76022-76025]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2015-30772]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Food and Drug Administration

[Docket No. FDA-2014-N-1286]


Moving Forward: Collaborative Approaches to Medical Device 
Cybersecurity; Public Workshop; Request for Comments

AGENCY: Food and Drug Administration, HHS.

ACTION: Notice of public workshop; request for comments.

-----------------------------------------------------------------------

SUMMARY: The Food and Drug Administration (FDA) is announcing the 
following public workshop entitled ``Moving Forward: Collaborative 
Approaches to Medical Device Cybersecurity.'' FDA, in collaboration 
with the National Health Information Sharing Analysis Center (NH-ISAC), 
the Department of Health and Human Services, and the Department of 
Homeland Security, seek to bring together diverse stakeholders to 
discuss complex challenges in medical device cybersecurity that impact 
the medical device ecosystem. The purpose of this workshop is to 
highlight past collaborative efforts; increase awareness of existing 
maturity models (i.e. frameworks leveraged for benchmarking an 
organization's processes) which are used to evaluate cybersecurity 
status, standards, and tools in development; and to engage the multi-
stakeholder community in focused discussions on unresolved gaps and 
challenges that have hampered progress in advancing medical device 
cybersecurity.

DATES: The public workshop will be held January 20-21, 2016, from 9 
a.m. to 5:30 p.m. Submit either electronic or written comments on the 
public workshop by February 22, 2016.

ADDRESSES: The public workshop will be held at the FDA White Oak 
Campus, 10903 New Hampshire Ave., Building 31 Conference Center, the 
Great Room, (Rm. 1503), Silver Spring, MD 20993-0002. Entrance for the 
public meeting participants (non-FDA employees) is through Building 1 
where routine security check procedures will be performed. For parking 
and security information, please refer to http://www.fda.gov/AboutFDA/WorkingatFDA/BuildingsandFacilities/WhiteOakCampusInformation/ucm241740.htm.

    You may submit comments as follows:

Electronic Submissions

    Submit electronic comments in the following way:
     * Federal eRulemaking Portal: http://www.regulations.gov.
       Follow the instructions for submitting comments. Comments submitted
       electronically, including attachments, to http://www.regulations.gov
       will be posted to the docket unchanged. Because your comment will be
       made public, you are solely responsible for ensuring that your comment
       does not include any confidential information that you or a third party
       may not wish to be posted, such as medical information, your or anyone
       else's Social Security number, or confidential business information,
       such as a manufacturing process. Please note that if you include your
       name, contact information, or other information that identifies you in
       the body of your comments, that information will be posted on
       http://www.regulations.gov.
     * If you want to submit a comment with confidential
       information that you do not wish to be made available to the public,
       submit the comment as a written/paper submission and in the manner
       detailed (see ``Written/Paper Submissions'' and ``Instructions'').

Written/Paper Submissions

    Submit written/paper submissions as follows:
     * Mail/Hand delivery/Courier (for written/paper
       submissions): Division of Dockets Management (HFA-305), Food and Drug
       Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
     * For written/paper comments submitted to the Division of
       Dockets Management, FDA will post your comment, as well as any
       attachments, except for information submitted, marked and identified,
       as confidential, if submitted as detailed in ``Instructions.''
    Instructions: All submissions received must include the Docket No. 
FDA-2014-N-1286 for ``Moving Forward: Collaborative Approaches to 
Medical Device Cybersecurity.'' Received comments will be placed in the 
docket and, except for those submitted as ``Confidential Submissions,'' 
publicly viewable at http://www.regulations.gov or at the Division of 
Dockets Management between 9 a.m. and 4 p.m., Monday through Friday.
     * Confidential Submissions--To submit a comment with 
confidential information that you do not wish to be made publicly 
available, submit your comments only as a written/paper submission. You 
should submit two copies total. One copy will include the information 
you claim to be confidential with a heading or cover note that states 
``THIS DOCUMENT CONTAINS CONFIDENTIAL INFORMATION''. The Agency will 
review this copy, including the claimed confidential information, in 
its consideration of comments. The second copy, which will have the 
claimed confidential information redacted/blacked out, will be 
available for public viewing and posted on http://www.regulations.gov. 
Submit both copies to the Division of Dockets Management. If you do not 
wish your name and contact information to be made publicly available, 
you can provide this information on the cover sheet and not in the body 
of your comments and you must identify this information as 
``confidential.'' Any information marked as ``confidential'' will not 
be disclosed except in accordance with 21 CFR 10.20 and other 
applicable disclosure law. For more information about FDA's posting of 
comments to public dockets, see 80 FR 56469, September 18, 2015, or 
access the information at: http://www.fda.gov/regulatoryinformation/dockets/default.htm.
    Docket: For access to the docket to read background documents or 
the electronic and written/paper comments received, go to http://www.regulations.gov and insert the docket number, found in brackets in 
the heading of this document, into the ``Search'' box and follow the 
prompts and/or go to the Division of Dockets Management, 5630 Fishers 
Lane, Rm. 1061, Rockville, MD 20852.

FOR FURTHER INFORMATION CONTACT: Suzanne Schwartz, Food and Drug 
Administration, Center for Devices and Radiological Health, 10903 New 
Hampshire Ave., Bldg. 66, Rm. 5428, Silver Spring, MD 20993, 
301-796-6937, [email protected].

SUPPLEMENTARY INFORMATION:

I. Background

    Effective medical device cybersecurity to assure device safety and 
functionality has become more important with the increasing use of 
wireless, Internet- and network-connected devices, and the frequent 
electronic exchange of medical device-related health information. As 
medical devices become more connected and interoperable, the potential 
for exploit of device vulnerabilities, whether intentional or not, 
increases. Rather than impacting a single device or single system, 
multiple devices or an entire hospital network may be compromised. In 
the past, the Healthcare and Public Health (HPH) sector has been the 
target of many attempts at intrusion. Protecting the HPH critical 
infrastructure from attack by strengthening cybersecurity is a high 
priority for the Federal government. Cybersecurity is the subject of 
recent Executive Orders focused on enhancing the cybersecurity of 
critical infrastructure (E.O. 13636) (Ref. 1) and increasing 
cybersecurity information sharing (E.O. 13691) (Ref. 2). Furthermore, 
Presidential Policy Directive 21 tasks the Federal government to work 
together with the private sector in order to strengthen the security 
and resilience of critical infrastructure against physical and cyber 
threats (Ref. 3). This public workshop will bring together diverse 
stakeholders from the public and private sector to discuss the current 
state of medical device cybersecurity, including its evolution over the 
past 12 months. Moreover, the workshop plans to provide a vision for 
the desired state of medical device cybersecurity through ongoing 
collaboration and new partnerships over the next 12 months. Meeting 
participants are encouraged to formulate strategies and feasible action 
plans to address gaps, such as management of vulnerabilities in legacy 
devices. These diverse stakeholders include, but are not limited to: 
Medical device manufacturers; healthcare facilities and personnel 
(e.g., healthcare providers, biomedical engineers, IT system 
administrators); professional and trade organizations including medical 
device cybersecurity consortia; patient groups; insurance providers; 
cybersecurity researchers; local, State, and Federal Governments; and 
information security firms.
    A voluntary, risk-based framework for achieving enhanced 
cybersecurity was developed by the National Institute of Standards and 
Technology (NIST) in collaboration with external public and private 
sector partners (Ref. 4). Since its release in February 2014, the 
``Framework for Improving Critical Infrastructure Cybersecurity'' 
(Framework) has been leveraged by entities within the HPH sector to 
better manage and reduce cybersecurity risks. This workshop aims to 
highlight some of the ways that the Framework has been employed to 
better understand, manage, communicate, and mitigate medical device 
cybersecurity risks across the medical device total product lifecycle.
    Medical device cybersecurity vulnerabilities, if exploited, may 
result in device malfunction, disruption of healthcare services 
including treatment interventions, inappropriate access to patient 
information, or compromised electronic health record data integrity. 
Such outcomes could have a profound impact on patient care and safety. 
In the last few years, HPH sector stakeholders have been engaged in 
many collaborative activities that seek to strengthen medical device 
cybersecurity and, therefore, enhance patient safety. FDA has 
contributed to these efforts through guidance, multi-stakeholder 
engagement, outreach, and by hosting a 2014 public workshop on 
cybersecurity (Ref. 5). The 2016 public workshop announced in this 
Federal Register notice will build upon previous work by featuring some 
of the collaborative efforts that address medical device cybersecurity 
through education and training, information sharing, standards, risk 
assessment, and tools development.
    Though progress is evident, key hurdles continue to impede 
maturation of the HPH community's cybersecurity posture. This workshop 
seeks to increase awareness among stakeholders and create a common 
understanding of potential threats and vulnerabilities, as well as to 
present proactive preventative measures that may be universally 
employed as best practices and good cyber hygiene. The workshop also 
aims to facilitate extensive dialogue and articulate paths forward in 
the critical areas of information sharing, coordinated vulnerability 
disclosure and vulnerability management, and the Common Vulnerability 
Scoring System (CVSS). Information sharing continues to be a challenge 
as stakeholders work to define processes to create a trusted 
environment. Coordinated vulnerability disclosure is an important 
component of information sharing. Proactively identifying, assessing, 
and managing medical device vulnerabilities before they are exploited 
is one way to protect against potential patient harm. Vulnerabilities 
may be identified by the device manufacturer as well as by external 
entities such as healthcare facilities, cybersecurity researchers, and 
other sectors of critical infrastructure. As described in International 
Organization for Standardization/International Electrotechnical 
Commission 29147:2014, ``Coordinated disclosure, also known as 
responsible disclosure, is a vulnerability disclosure model in which 
all stakeholders agree to delay publishing vulnerability details for an 
agreed-upon period of time, generally after a patch to mitigate the 
vulnerability is available. The model includes steps that simplify the 
otherwise-complex, back-and-forth communications between the 
vulnerability finder and the affected manufacturer'' (Ref. 6). 
Coordinated disclosure is just one aspect of vulnerability management. 
Understanding how a vulnerability may affect device functionality, 
assessing the vulnerability impact across multiple product types, and 
identifying mitigations that may be employed until a permanent fix may 
be implemented are all critical components of vulnerability management 
that should be addressed throughout the medical device total product 
lifecycle. This workshop provides an opportunity for stakeholders to 
explore implementation of coordinated vulnerability disclosure and 
vulnerability management, including existing standards, models, best 
practices, and lessons learned in this area.
    One of the tools that manufacturers or healthcare facilities may 
use to assess and manage the impact of vulnerability is CVSS. CVSS is a 
risk assessment tool that provides an open and standardized method for 
rating information technology vulnerabilities. However, incorporating 
CVSS into medical device vulnerability assessments has proven to be a 
challenge in that it does not directly incorporate patient risk and 
public health impact factors. This workshop encourages robust dialogue 
on how CVSS might be adapted for medical devices and how considerations 
of the use environment might be incorporated in a more standardized 
manner into medical device CVSS scores.

II. Topics for Discussion at the Public Workshop

    The public workshop sessions are designed to incorporate the 
following general themes:
     * Envisioning a roadmap for coordinated vulnerability
       disclosure and vulnerability management as part of the broader effort
       to create a trusted environment for information sharing.
         o How might the stakeholder community create incentives to
           encourage stakeholder participation?
         o What do individual stakeholders need to understand and be
           aware of regarding coordinated disclosure?
         o What current tools and models presently exist that may aid
           stakeholders in implementing disclosure and vulnerability management?
         o How can the security researcher community work in
           collaboration with HPH stakeholders to identify, assess, and mitigate
           vulnerabilities?
     * Sharing FDA's current thinking on the implementation of
       the Framework in the medical device total product lifecycle.
     * Adapting cybersecurity and/or risk assessment tools such
       as CVSS for the medical device operational environment.
     * Adapting and/or implementing existing cybersecurity
       standards for medical devices.
     * Understanding the challenges that manufacturers face as
       they increase collaboration with external third parties (cybersecurity
       researchers, Information Sharing and Analysis Organizations (ISAOs),
       and end users), to resolve cybersecurity vulnerabilities that impact
       their devices. Note that an ISAO is a group created to gather, analyze,
       and disseminate critical infrastructure information (Ref. 7).
     * Gaining situational awareness of the current activities in
       the HPH sector to enhance medical device cybersecurity.
     * Identifying cybersecurity gaps and challenges that persist
       in the medical device ecosystem and begin crafting action plans to
       address them.
    Registration: Registration is free and available on a first-come, 
first-served basis. Persons interested in attending this public 
workshop must register online by January 13, 2016, at 4 p.m. Early 
registration is recommended because facilities are limited and, 
therefore, FDA may limit the number of participants from each 
organization. If time and space permit, onsite registration on the day 
of the public workshop will be provided beginning at 8 a.m.
    If you need special accommodations due to a disability, please 
contact Susan Monahan, Center for Devices and Radiological Health, 
Office of Communication and Education, 301-796-5661 or email: 
[email protected] no later than January 7, 2016.
    Please provide complete contact information for each attendee, 
including name, title, affiliation, email, and telephone number. Those 
without Internet access should contact Susan Monahan to register. 
Registrants will receive confirmation after they have been accepted. 
You will be notified if you are on a waiting list.
    Streaming Webcast of the Public Workshop: This public workshop will 
also be Webcast. The Webcast link will be available on the registration 
Web page after January 13, 2016. Please visit FDA's Medical Devices 
News & Events--Workshops & Conferences calendar at http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/default.htm. Select this 
meeting/public workshop from the posted events list. If you have never 
attended a Connect Pro event before, test your connection at https://collaboration.fda.gov/common/help/en/support/meeting_test.htm. To get a
quick overview of the Connect Pro program, visit http://www.adobe.com/go/connectpro_overview. FDA has verified the Web site addresses in this 
document, but FDA is not responsible for any subsequent changes to the 
Web site after this document publishes in the Federal Register.
    Transcripts: Please be advised that as soon as a transcript is 
available, it will be accessible at http://www.regulations.gov. It may 
be viewed at the Division of Dockets Management (see ADDRESSES). A 
transcript will also be available in either hardcopy or on CD-ROM, 
after submission of a Freedom of Information request. The Freedom of 
Information office address is available on the Agency's Web site at 
http://www.fda.gov. A link to the transcripts will also be available 
approximately 45 days after the public workshop on the Internet at 
http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/default.htm. (Select this public workshop from the posted events list).

III. References

    The following references are on display in the Division of Dockets 
Management (see ADDRESSES) and are available for viewing by interested 
persons between 9 a.m. and 4 p.m., Monday through Friday; they are also 
available electronically at http://www.regulations.gov. FDA has 
verified the Web site addresses, as of the date this document publishes 
in the Federal Register, but Web sites are subject to change over time.

1. Executive Order 13636, ``Improving Critical Infrastructure 
Cybersecurity,'' February 19, 2013 (http://www.thefederalregister.org/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf).
2. Executive Order 13691, ``Promoting Private Sector Cybersecurity 
Information Sharing,'' February 13, 2015 (http://www.thefederalregister.org/fdsys/pkg/FR-2015-02-20/pdf/2015-03714.pdf).
3. Presidential Policy Directive 21, ``Critical Infrastructure 
Security and Resilience,'' February 12, 2013 (http://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil).
4. National Institute of Standards and Technology (NIST), 
``Framework for Improving Critical Infrastructure Cybersecurity,'' 
version 1, February 12, 2014 (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf).
5. Food and Drug Administration, ``Public Workshop--Collaborative 
Approaches for Medical Device and Healthcare Cybersecurity, October 
21-22, 2014.'' October 11, 2015 (http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm412979.htm).
6. ``ISO/IEC 29147:2014--Information Technology--Security 
Techniques--Vulnerability Disclosure,'' (http://www.iso.org/iso/catalogue_detail.htm?csnumber=45170).
7. Department of Homeland Security, ``Frequently Asked Questions 
About Information Sharing and Analysis Organizations (ISAOs),'' 
November 17, 2015 (http://www.dhs.gov/isao-faq).

    Dated: December 2, 2015.
Peter Lurie,
Associate Commissioner for Public Health Strategy and Analysis.
[FR Doc. 2015-30772 Filed 12-4-15; 8:45 am]
 BILLING CODE 4164-01-P



                                                  practical utility; (b) the accuracy of the                             Administration (FDA) is announcing the                   0002. Entrance for the public meeting
mstockstill on DSK4VPTVN1PROD with NOTICES




                                                  agency’s estimate of the burden of the                                 following public workshop entitled                       participants (non-FDA employees) is
                                                  proposed collection of information; (c)                                ‘‘Moving Forward: Collaborative                          through Building 1 where routine
                                                  the quality, utility, and clarity of the                               Approaches to Medical Device                             security check procedures will be
                                                  information to be collected; and (d)                                   Cybersecurity.’’ FDA, in collaboration                   performed. For parking and security
                                                  ways to minimize the burden of the                                     with the National Health Information                     information, please refer to http://www.
                                                  collection of information on                                           Sharing Analysis Center (NH–ISAC), the                   fda.gov/AboutFDA/WorkingatFDA/
                                                  respondents, including through the use                                 Department of Health and Human                           BuildingsandFacilities/WhiteOak
                                                  of automated collection techniques or                                  Services, and the Department of                          CampusInformation/ucm241740.htm.




Federal Register / Vol. 80, No. 234 / Monday, December 7, 2015 / Notices 76023

You may submit comments as follows:

Electronic Submissions

Submit electronic comments in the following way:

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. Comments submitted electronically, including attachments, to http://www.regulations.gov will be posted to the docket unchanged. Because your comment will be made public, you are solely responsible for ensuring that your comment does not include any confidential information that you or a third party may not wish to be posted, such as medical information, your or anyone else’s Social Security number, or confidential business information, such as a manufacturing process. Please note that if you include your name, contact information, or other information that identifies you in the body of your comments, that information will be posted on http://www.regulations.gov.

• If you want to submit a comment with confidential information that you do not wish to be made available to the public, submit the comment as a written/paper submission and in the manner detailed (see "Written/Paper Submissions" and "Instructions").

Written/Paper Submissions

Submit written/paper submissions as follows:

• Mail/Hand delivery/Courier (for written/paper submissions): Division of Dockets Management (HFA–305), Food and Drug Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.

• For written/paper comments submitted to the Division of Dockets Management, FDA will post your comment, as well as any attachments, except for information submitted, marked and identified, as confidential, if submitted as detailed in "Instructions."

Instructions: All submissions received must include the Docket No. FDA–2014–N–1286 for "Moving Forward: Collaborative Approaches to Medical Device Cybersecurity." Received comments will be placed in the docket and, except for those submitted as "Confidential Submissions," publicly viewable at http://www.regulations.gov or at the Division of Dockets Management between 9 a.m. and 4 p.m., Monday through Friday.

• Confidential Submissions—To submit a comment with confidential information that you do not wish to be made publicly available, submit your comments only as a written/paper submission. You should submit two copies total. One copy will include the information you claim to be confidential with a heading or cover note that states "THIS DOCUMENT CONTAINS CONFIDENTIAL INFORMATION". The Agency will review this copy, including the claimed confidential information, in its consideration of comments. The second copy, which will have the claimed confidential information redacted/blacked out, will be available for public viewing and posted on http://www.regulations.gov. Submit both copies to the Division of Dockets Management. If you do not wish your name and contact information to be made publicly available, you can provide this information on the cover sheet and not in the body of your comments and you must identify this information as "confidential." Any information marked as "confidential" will not be disclosed except in accordance with 21 CFR 10.20 and other applicable disclosure law. For more information about FDA’s posting of comments to public dockets, see 80 FR 56469, September 18, 2015, or access the information at: http://www.fda.gov/regulatoryinformation/dockets/default.htm.

Docket: For access to the docket to read background documents or the electronic and written/paper comments received, go to http://www.regulations.gov and insert the docket number, found in brackets in the heading of this document, into the "Search" box and follow the prompts and/or go to the Division of Dockets Management, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.

FOR FURTHER INFORMATION CONTACT: Suzanne Schwartz, Food and Drug Administration, Center for Devices and Radiological Health, 10903 New Hampshire Ave., Bldg. 66, Rm. 5428, Silver Spring, MD 20993, 301–796–6937, Suzanne.Schwartz@fda.hhs.gov.

SUPPLEMENTARY INFORMATION:

I. Background

Effective medical device cybersecurity to assure device safety and functionality has become more important with the increasing use of wireless, Internet- and network-connected devices, and the frequent electronic exchange of medical device-related health information. As medical devices become more connected and interoperable, the potential for exploit of device vulnerabilities, whether intentional or not, increases. Rather than impacting a single device or single system, multiple devices or an entire hospital network may be compromised. In the past, the Healthcare and Public Health (HPH) sector has been the target of many attempts at intrusion. Protecting the HPH critical infrastructure from attack by strengthening cybersecurity is a high priority for the Federal government. Cybersecurity is the subject of recent Executive Orders focused on enhancing the cybersecurity of critical infrastructure (E.O. 13636) (Ref. 1) and increasing cybersecurity information sharing (E.O. 13691) (Ref. 2). Furthermore, Presidential Policy Directive 21 tasks the Federal government to work together with the private sector in order to strengthen the security and resilience of critical infrastructure against physical and cyber threats (Ref. 3). This public workshop will bring together diverse stakeholders from the public and private sector to discuss the current state of medical device cybersecurity, including its evolution over the past 12 months. Moreover, the workshop plans to provide a vision for the desired state of medical device cybersecurity through ongoing collaboration and new partnerships over the next 12 months. Meeting participants are encouraged to formulate strategies and feasible action plans to address gaps, such as management of vulnerabilities in legacy devices. These diverse stakeholders include, but are not limited to: Medical device manufacturers; healthcare facilities and personnel (e.g., healthcare providers, biomedical engineers, IT system administrators); professional and trade organizations including medical device cybersecurity consortia; patient groups; insurance providers; cybersecurity researchers; local, State, and Federal Governments; and information security firms.

A voluntary, risk-based framework for achieving enhanced cybersecurity was developed by the National Institute of Standards and Technology (NIST) in collaboration with external public and private sector partners (Ref. 4). Since its release in February 2014, the "Framework for Improving Critical Infrastructure Cybersecurity" (Framework) has been leveraged by entities within the HPH sector to better manage and reduce cybersecurity risks. This workshop aims to highlight some of the ways that the Framework has been employed to better understand, manage, communicate, and mitigate medical device cybersecurity risks across the medical device total product lifecycle.

Medical device cybersecurity vulnerabilities, if exploited, may result in device malfunction, disruption of healthcare services including treatment interventions, inappropriate access to patient information, or compromised electronic health record data integrity.



Such outcomes could have a profound impact on patient care and safety. In the last few years, HPH sector stakeholders have been engaged in many collaborative activities that seek to strengthen medical device cybersecurity and, therefore, enhance patient safety. FDA has contributed to these efforts through guidance, multi-stakeholder engagement, outreach, and by hosting a 2014 public workshop on cybersecurity (Ref. 5). The 2016 public workshop announced in this Federal Register notice will build upon previous work by featuring some of the collaborative efforts that address medical device cybersecurity through education and training, information sharing, standards, risk assessment, and tools development.

Though progress is evident, key hurdles continue to impede maturation of the HPH community’s cybersecurity posture. This workshop seeks to increase awareness among stakeholders and create a common understanding of potential threats and vulnerabilities, as well as to present proactive preventative measures that may be universally employed as best practices and good cyber hygiene. The workshop also aims to facilitate extensive dialogue and articulate paths forward in the critical areas of information sharing, coordinated vulnerability disclosure and vulnerability management, and the Common Vulnerability Scoring System (CVSS). Information sharing continues to be a challenge as stakeholders work to define processes to create a trusted environment. Coordinated vulnerability disclosure is an important component of information sharing. Proactively identifying, assessing, and managing medical device vulnerabilities before they are exploited is one way to protect against potential patient harm. Vulnerabilities may be identified by the device manufacturer as well as by external entities such as healthcare facilities, cybersecurity researchers, and other sectors of critical infrastructure. As described in International Organization for Standardization/International Electrotechnical

vulnerability management. Understanding how a vulnerability may affect device functionality, assessing the vulnerability impact across multiple product types, and identifying mitigations that may be employed until a permanent fix may be implemented are all critical components of vulnerability management that should be addressed throughout the medical device total product lifecycle. This workshop provides an opportunity for stakeholders to explore implementation of coordinated vulnerability disclosure and vulnerability management, including existing standards, models, best practices, and lessons learned in this area.

One of the tools that manufacturers or healthcare facilities may use to assess and manage the impact of vulnerability is CVSS. CVSS is a risk assessment tool that provides an open and standardized method for rating information technology vulnerabilities. However, incorporating CVSS into medical device vulnerability assessments has proven to be a challenge in that it does not directly incorporate patient risk and public health impact factors. This workshop encourages robust dialogue on how CVSS might be adapted for medical devices and how considerations of the use environment might be incorporated in a more standardized manner into medical device CVSS scores.

II. Topics for Discussion at the Public Workshop

The public workshop sessions are designed to incorporate the following general themes:

• Envisioning a roadmap for coordinated vulnerability disclosure and vulnerability management as part of the broader effort to create a trusted environment for information sharing.

   ○ How might the stakeholder community create incentives to encourage stakeholder participation?

   ○ What do individual stakeholders need to understand and be aware of regarding coordinated disclosure?

   ○ What current tools and models

medical device operational environment.

• Adapting and/or implementing existing cybersecurity standards for medical devices.

• Understanding the challenges that manufacturers face as they increase collaboration with external third parties (cybersecurity researchers, Information Sharing and Analysis Organizations (ISAOs), and end users), to resolve cybersecurity vulnerabilities that impact their devices. Note that an ISAO is a group created to gather, analyze, and disseminate critical infrastructure information (Ref. 7).

• Gaining situational awareness of the current activities in the HPH sector to enhance medical device cybersecurity.

• Identifying cybersecurity gaps and challenges that persist in the medical device ecosystem and begin crafting action plans to address them.

Registration: Registration is free and available on a first-come, first-served basis. Persons interested in attending this public workshop must register online by January 13, 2016, at 4 p.m. Early registration is recommended because facilities are limited and, therefore, FDA may limit the number of participants from each organization. If time and space permits, onsite registration on the day of the public workshop will be provided beginning at 8 a.m.

If you need special accommodations due to a disability, please contact Susan Monahan, Center for Devices and Radiological Health, Office of Communication and Education, 301–796–5661 or email: susan.monahan@fda.hhs.gov no later than January 7, 2016.

Please provide complete contact information for each attendee, including name, title, affiliation, email, and telephone number. Those without Internet access should contact Susan Monahan to register. Registrants will receive confirmation after they have been accepted. You will be notified if you are on a waiting list.

Streaming Webcast of the Public Workshop: This public workshop will
                                                  Commission 29147:2014, ‘‘Coordinated                    presently exist that may aid                          also be Webcast. The Webcast link will
                                                  disclosure, also known as responsible                   stakeholders in implementing                          be available on the registration Web
                                                  disclosure, is a vulnerability disclosure               disclosure and vulnerability                          page after January 13, 2016. Please visit
                                                  model in which all stakeholders agree to                management?                                           FDA’s Medical Devices News &
                                                  delay publishing vulnerability details                     Æ How can the security researcher                  Events—Workshops & Conferences
                                                  for an agreed-upon period of time,                      community work in collaboration with                  calendar at http://www.fda.gov/Medical
mstockstill on DSK4VPTVN1PROD with NOTICES




                                                  generally after a patch to mitigate the                 HPH stakeholders to identify, assess,                 Devices/NewsEvents/Workshops
                                                  vulnerability is available. The model                   and mitigate vulnerabilities?                         Conferences/default.htm. Select this
                                                  includes steps that simplify the                           • Sharing FDA’s current thinking on                meeting/public workshop from the
                                                  otherwise-complex, back-and-forth                       the implementation of the Framework in                posted events list. If you have never
                                                  communications between the                              the medical device total product                      attended a Connect Pro event before,
                                                  vulnerability finder and the affected                   lifecycle.                                            test your connection at https://
                                                  manufacturer’’ (Ref. 6). Coordinated                       • Adapting cybersecurity and/or risk               collaboration.fda.gov/common/help/en/
                                                  disclosure is just one aspect of                        assessment tools such as CVSS for the                 support/meeting_test.htm. To get a



quick overview of the Connect Pro program, visit http://www.adobe.com/go/connectpro_overview. FDA has verified the Web site addresses in this document, but FDA is not responsible for any subsequent changes to the Web site after this document publishes in the Federal Register.

Transcripts: Please be advised that as soon as a transcript is available, it will be accessible at http://www.regulations.gov. It may be viewed at the Division of Dockets Management (see ADDRESSES). A transcript will also be available in either hardcopy or on CD–ROM, after submission of a Freedom of Information request. The Freedom of Information office address is available on the Agency’s Web site at http://www.fda.gov. A link to the transcripts will also be available approximately 45 days after the public workshop on the Internet at http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/default.htm. (Select this public workshop from the posted events list).

III. References

The following references are on display in the Division of Dockets Management (see ADDRESSES) and are available for viewing by interested persons between 9 a.m. and 4 p.m., Monday through Friday; they are also available electronically at http://www.regulations.gov. FDA has verified the Web site addresses, as of the date this document publishes in the Federal Register, but Web sites are subject to change over time.

1. Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” February 19, 2013 (http://www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf).
2. Executive Order 13691, “Promoting Private Sector Cybersecurity Information Sharing,” February 13, 2015 (http://www.gpo.gov/fdsys/pkg/FR-2015-02-20/pdf/2015-03714.pdf).
3. Presidential Policy Directive 21, “Critical Infrastructure Security and Resilience,” February 12, 2013 (http://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil).
4. National Institute of Standards and Technology (NIST), “Framework for Improving Critical Infrastructure Cybersecurity,” version 1, February 12, 2014 (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf).
5. Food and Drug Administration, “Public Workshop—Collaborative Approaches for Medical Device and Healthcare Cybersecurity, October 21–22, 2014.” October 11, 2015 (http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm412979.htm).
6. “ISO/IEC 29147:2014—Information Technology—Security Techniques—Vulnerability Disclosure,” (http://www.iso.org/iso/catalogue_detail.htm?csnumber=45170).
7. Department of Homeland Security, “Frequently Asked Questions About Information Sharing and Analysis Organizations (ISAOs),” November 17, 2015 (http://www.dhs.gov/isao-faq).

Dated: December 2, 2015.
Peter Lurie,
Associate Commissioner for Public Health Strategy and Analysis.
[FR Doc. 2015–30772 Filed 12–4–15; 8:45 am]
BILLING CODE 4164–01–P

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Meeting of the Advisory Group on Prevention, Health Promotion, and Integrative and Public Health

AGENCY: Department of Health and Human Services, Office of the Secretary, Office of the Assistant Secretary for Health, Office of the Surgeon General of the United States Public Health Service.

ACTION: Notice.

SUMMARY: In accordance with Section 10(a) of the Federal Advisory Committee Act, Public Law 92–463, as amended (5 U.S.C. App.), notice is hereby given that a meeting is scheduled for the Advisory Group on Prevention, Health Promotion, and Integrative and Public Health (the “Advisory Group”). This meeting will be open to the public. Information about the Advisory Group and the agenda for this meeting can be obtained by accessing the following Web site: http://www.surgeongeneral.gov/priorities/prevention/advisorygrp/index.html.

DATES: The meeting will be held on December 22, 2015. The exact meeting time will be published closer to the meeting date at: http://www.surgeongeneral.gov/priorities/prevention/advisorygrp/advisory-group-meetings.html.

ADDRESSES: This meeting will be held via teleconference. Teleconference information and an exact meeting time will be published closer to the meeting date at: http://www.surgeongeneral.gov/priorities/prevention/advisorygrp/index.html.

FOR FURTHER INFORMATION CONTACT: Office of the Surgeon General, 200 Independence Ave. SW.; Washington, DC 20201; 202–205–9517; prevention.council@hhs.gov.

SUPPLEMENTARY INFORMATION: The Advisory Group is a non-discretionary federal advisory committee that was initially established under Executive Order 13544, dated June 10, 2010, to comply with the statutes under Section 4001 of the Patient Protection and Affordable Care Act, Public Law 111–148. The Advisory Group was established to assist in carrying out the mission of the National Prevention, Health Promotion, and Public Health Council (the Council). The Advisory Group provides recommendations and advice to the Council.

The Advisory Group was terminated on September 30, 2012, by Executive Order 13591, dated November 23, 2011. Authority for the Advisory Group to be re-established was given under Executive Order 13631, dated December 7, 2012. Authority for the Advisory Group to continue to operate until September 30, 2017, was given under Executive Order 13708, dated September 30, 2015.

It is authorized for the Advisory Group to consist of no more than 25 non-federal members. The Advisory Group currently has 21 members who were appointed by the President. The membership includes a diverse group of licensed health professionals, including integrative health practitioners who have expertise in (1) worksite health promotion; (2) community services, including community health centers; (3) preventive medicine; (4) health coaching; (5) public health education; (6) geriatrics; and (7) rehabilitation medicine.

A meeting description and relevant materials will be published closer to the meeting date at: http://www.surgeongeneral.gov/priorities/prevention/advisorygrp/.

Members of the public have the opportunity to participate in the meeting and/or provide comments to the Advisory Group on December 22, 2015. Public comment will be limited to 3 minutes per speaker. Individuals who wish to participate in the meeting and/or provide comments must register by 12:00 p.m. EST on December 15, 2015. In order to register, individuals must send their full name and affiliation via email to prevention.council@hhs.gov. Individuals who need special assistance and/or accommodations, i.e., TDD/VP or other reasonable accommodations, should indicate so when they register. Members of the public who wish to have materials distributed to the Advisory Group members at this scheduled meeting should submit those materials when they register.





Document Created: 2015-12-14 13:30:53
Document Modified: 2015-12-14 13:30:53
Category: Regulatory Information
Collection: Federal Register
sudoc Class: AE 2.7:
GS 4.107:
AE 2.106:
Publisher: Office of the Federal Register, National Archives and Records Administration
Section: Notices
Action: Notice of public workshop; request for comments.
Dates: The public workshop will be held January 20-21, 2016, from 9 a.m. to 5:30 p.m. Submit either electronic or written comments on the public workshop by February 22, 2016.
Contact: Suzanne Schwartz, Food and Drug Administration, Center for Devices and Radiological Health, 10903 New Hampshire Ave., Bldg. 66, Rm. 5428, Silver Spring, MD 20993, 301-796-6937, [email protected]
FR Citation: 80 FR 76022
