The recently announced “Refuse to Accept Policy” signed into law under section 524B of the Federal Food, Drug, and Cosmetic Act (FD&C Act) gives the FDA more traction to encourage the medical device manufacturing industry to utilize software bills of materials that help to incorporate supply chain security. The ISA/IEC 62443 series of standards defines a secure product lifecycle process that can be adopted by medical device manufacturers to identify and manage the security risks of all external components used within the product.