These components are in the earliest stages of discussion. So, this is conjecture, but in a broader sense presents large-scale opportunities for businesses specializing in security systems.
At some point within the next year, it is likely that an existing agency will be forced to expand its role to cover the evaluation of software. There’s a lot of software out there. This is scary to even contemplate, suffice that there’s a chance that such a system will be deemed unviable. There are millions of software products.
The US Food And Drug Administration, responsible for evaluating “Software as a Medical Device” did adjust to a more Agile approval system under the Trump administration. The previous approval process could take months when the fix could be completed within a matter of hours.
Herein, the FDA’s new pilot program focuses on vetting of organizations instead of individual software products. Now, medical app developers are responsible for rapidly fixing defects and problems when they come to light instead of resubmitting for another lengthy delay before the next review is conducted. Medical apps represent only 4-5% of software applications, and from a much smaller pool of developers.
The most realistic scenario is that the US Government will issue contracts to existing CyberSecurity organizations to handle the certification process. While this is purely speculation, it’s a tip to pass along to any CyberSecurity professionals and organizations you may know to keep an eye on how this policy evolves.