On this page
Published: July 10, 2026
A Predetermined Change Control Plan (PCCP) is not an AI/ML-only tool. The FDA's December 2024 final PCCP guidance applies to any device modification a manufacturer can pre-specify, validate, and control, including cryptographic library updates, firmware over-the-air (OTA) releases, SBOM component swaps, cipher-suite migrations, non-AI algorithm tuning, and select hardware substitutions. For Section 524B devices, a cybersecurity-scoped PCCP is the cleanest way to pre-authorize routine security patches without triggering a new 510(k) or letter-to-file gymnastics.
Most manufacturers still equate PCCP with AI/ML model updates. That was true of the 2023 draft. It is not true of the December 4, 2024 final guidance, Predetermined Change Control Plans for Medical Devices, which explicitly covers any modification type the manufacturer can specify in advance and control through a documented protocol.
The mismatch matters for cybersecurity. Section 524B requires manufacturers to maintain a plan to monitor, identify, and address postmarket vulnerabilities. Patching cadence, cipher agility, and SBOM refresh are exactly the kind of recurring, pre-specifiable modifications a PCCP was designed for.
This post explains where a non-AI PCCP fits, five modification classes reviewers are accepting, and how a cybersecurity PCCP interlocks with the FDA's February 3, 2026 final premarket cybersecurity guidance.
Key Takeaways
- The December 2024 final PCCP guidance applies to any pre-specifiable modification, not just AI/ML model updates.
- A cybersecurity-scoped PCCP can pre-authorize crypto agility, SBOM component refresh, firmware OTA cadence, non-AI algorithm tuning, and select hardware substitutions.
- Section 524B postmarket obligations map cleanly to a PCCP's Modification Protocol, this is the strongest current use case beyond AI.
- Reviewers reject PCCPs that lack bounded modification specifications, validation protocols, and rollback criteria.
- A cybersecurity PCCP does not replace the postmarket cybersecurity plan; it operationalizes it.
Table of Contents
- What the 2024 Final FDA PCCP Guidance Actually Covers
- Five Non-AI PCCP Modification Classes Worth Pre-Authorizing
- When a Cybersecurity PCCP Beats a Letter-to-File
- What FDA Reviewers Reject in a Non-AI PCCP
- Common Reviewer Misconceptions About Non-AI PCCPs
- How a Cybersecurity PCCP Interlocks with the Section 524B Postmarket Plan
- How Blue Goat Cyber Approaches This
- Frequently Asked Questions
Why This Matters
The FDA's Predetermined Change Control Plans for Medical Devices final guidance (issued December 4, 2024) supersedes the 2023 AI/ML-only draft and applies broadly to 510(k), De Novo, and PMA devices. In parallel, the Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions final guidance issued February 3, 2026 codifies Section 524B expectations and explicitly encourages sponsors to plan for routine security updates. Together, they open a lane that most manufacturers are not yet using: pre-authorizing recurring cybersecurity modifications through a PCCP instead of processing every crypto library bump through change-control gymnastics. AAMI TIR57:2016/(R)2023 and IEC 81001-5-1:2021 back the underlying security risk management activities, and the January 2025 CDRH quarterly submission data showed cybersecurity as one of the top three deficiency categories on 510(k) submissions, a signal that reviewer attention to change control for security-relevant modifications is only rising.
What the 2024 Final FDA PCCP Guidance Actually Covers
The final guidance defines a PCCP as three linked elements: a Description of Modifications (what you plan to change), a Modification Protocol (how you will implement, verify, and validate each change), and an Impact Assessment (why the changes maintain safety and effectiveness within the authorized indications for use). Nothing in that structure is AI-specific.
The guidance is explicit that any modification a manufacturer can specify with sufficient granularity and bound with an acceptable validation protocol is eligible. AI/ML model retraining is one example. Firmware feature rollout on a defined cadence, cipher-suite migration, and SBOM component version bumps are others. The gating question is not "is this AI" but "can you pre-specify the modification, its bounds, and how you will prove it is safe."
For deeper background on the mechanics, see our FDA PCCP change control plans guide.
Read next → FDA PCCP change control plans guide for the full anatomy of Description of Modifications, Modification Protocol, and Impact Assessment, with worked non-AI examples.
Five Non-AI PCCP Modification Classes Worth Pre-Authorizing
| Modification class | What the PCCP authorizes | Why it fits |
|---|---|---|
| Cryptographic agility | Rotating cipher suites, key lengths, and TLS versions on a defined schedule as NIST deprecates algorithms | Bounded modification set, testable via known-answer + interoperability suites, aligns with 524B postmarket plan |
| SBOM component refresh | Version bumps of pre-identified third-party components within specified semver ranges when triggered by CVE/VEX | Change is pre-specified per component; validation protocol is regression + security testing |
| Firmware OTA cadence | Rolling out signed firmware releases on a stated frequency using an authenticated update channel | Update mechanism itself is validated once; per-release verification bounded by protocol |
| Non-AI algorithm tuning | Parameter adjustments on deterministic algorithms (signal filters, thresholds, alarm logic) within pre-set ranges | Bounded parameter space, deterministic validation, no continuous learning |
| Hardware component substitution | Pre-identified equivalent parts (sensors, radios, memory) with defined equivalence testing | Common in supply-chain resilience; substitution set is finite and each requires the same protocol |
Each of these can be scoped narrowly enough to satisfy the guidance's requirement for a bounded, testable modification specification.
Read next → For the SBOM-refresh and cipher-agility rows, wire the Modification Protocol to the SBOM vulnerability management workflow, VEX document guide, and the SBOM for medical devices guide so triage, exploitability, and evidence live in one loop.
When a Cybersecurity PCCP Beats a Letter-to-File
A letter-to-file works when the manufacturer decides, per modification, that it does not significantly affect safety or effectiveness. A PCCP works when the modification recurs and the category has been pre-authorized. For a Section 524B device that ships crypto library updates twice a year and SBOM component bumps monthly, the PCCP path avoids re-running the letter-to-file decision every time.
A PCCP does not permit modifications the sponsor could not have made through a letter-to-file today. It permits pre-authorization of the same class of modifications on a documented, validated schedule.
The efficiency gain is real when the modification is recurring, mechanically bounded, and validated by a stable protocol, which is exactly the profile of routine cybersecurity maintenance.
Talk to us about scoping a cybersecurity PCCP if you are patching production devices faster than your change-control paperwork can keep up.
Read next → FDA pathway cybersecurity differences guide to decide whether a given modification belongs in a PCCP, a letter-to-file, or a new submission.
What FDA Reviewers Reject in a Non-AI PCCP
Reviewer feedback on non-AI PCCPs in 2025 clustered around four defects:
- Unbounded modification descriptions. "Update firmware as needed" is not a Description of Modifications; "signed firmware releases within features A/B/C, on the update channel validated in submission section X" is.
- Missing validation protocol per modification type. Each modification class needs its own verification and validation approach, tied to the security risk file and the security risk assessment under IEC 81001-5-1.
- No rollback or abort criteria. The Modification Protocol must state when a change is pulled back and what happens to fielded units.
- No linkage to the postmarket cybersecurity plan. A cybersecurity PCCP that does not reference the Section 524B postmarket monitoring and vulnerability handling process reads as disconnected from the manufacturer's actual security operations.
Common Reviewer Misconceptions About Non-AI PCCPs
Sponsor teams, and, occasionally, reviewers themselves, carry over assumptions from the 2023 AI/ML draft that no longer apply. These are the misconceptions we see driving Additional Information (AI) requests and outright PCCP rejections on cybersecurity, firmware, and hardware scopes.
| Misconception | What the 2024 final guidance actually says |
|---|---|
| "PCCPs are only for AI/ML models." | The final guidance applies to any modification a sponsor can pre-specify, bound, and validate. AI/ML is one worked example, not the scope limit. |
| "A cybersecurity PCCP lets us skip 510(k) for anything security-related." | A PCCP only pre-authorizes changes that could otherwise be made through letter-to-file. Anything that would have required a new submission still does. |
| "The Modification Protocol can point to our SOPs." | Reviewers want the protocol in the PCCP, with acceptance criteria and validation methods spelled out. Bare SOP references are a frequent rejection reason. |
| "One PCCP can cover firmware, crypto, and hardware together with a shared protocol." | Each modification class needs its own Description of Modifications and its own Modification Protocol. A single generic protocol is treated as unbounded. |
| "Impact Assessment is a paragraph of narrative." | It has to walk through safety, effectiveness, cybersecurity, and usability impacts per modification class, tied to the risk file and threat model. |
| "PCCP means we can push updates without notifying the FDA." | Postmarket reporting obligations (including Section 524B(b)(2)(B) vulnerability handling and any applicable 21 CFR 806 corrections) still apply on top of the PCCP. |
| "PCCPs remove the need for a postmarket cybersecurity plan." | The PCCP is the authorization; the postmarket plan is the process. Both are required, and reviewers expect them to cite each other by name. |
| "We can add a PCCP after clearance without a submission." | Adding a PCCP to a cleared device requires a supplement or new submission, it is not a design history file update. |
| "If the modification is in the PCCP, no documentation is needed at the time of change." | The Modification Protocol requires an executed record per modification, including verification/validation results and an updated PCCP change log. Inspectors ask for it. |
The pattern behind the pattern
Almost every rejection above traces to the same root cause: treating the PCCP as a policy rather than a pre-executed regulatory decision. The final guidance's structure, Description of Modifications, Modification Protocol, Impact Assessment, is a decision record the FDA is agreeing to in advance. Language that is fine in an internal SOP ("as needed", "per current best practice", "at the discretion of the security team") reads as unbounded delegation in a PCCP and gets sent back.
From the December 2024 final guidance: a PCCP must describe "the specific, planned device modifications" and "the associated methodology to develop, validate, and implement those modifications in a manner that ensures the continued safety and effectiveness of the device." Both halves must be present per modification class.
See also: FDA Section 524B Explained Subsection, SBOM for Third-Party Chip Firmware, and Secure Update Infrastructure for Medical.
If a draft PCCP cannot survive a red-team read against this list, it will not survive review. Fix the language before submission, not after the AI request.
How a Cybersecurity PCCP Interlocks with the Section 524B Postmarket Plan
Section 524B(b)(2)(B) of the FD&C Act obligates manufacturers to maintain "a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits." That plan is a process document. A PCCP is an authorization document. They answer different questions and are designed to be read together.
- The postmarket cybersecurity plan answers: how do we detect vulnerabilities, triage them, communicate them, and close them?
- The PCCP answers: which recurring fix categories are pre-authorized so that closure does not require a new submission or per-instance letter-to-file?
The end-to-end loop
Postmarket monitoring (CVE feeds, CVD intake, telemetry)
│
▼
SBOM + VEX triage (exploitable in this device?)
│
├── Out of PCCP scope ──► CAPA ──► new submission or letter-to-file
│
└── In PCCP scope ─────► Modification Protocol executes
│
▼
Verification + validation per protocol
│
▼
Signed release + fielded update
│
▼
Update SBOM/VEX, threat model, PCCP change log
Every step in this loop maps to a specific document. The postmarket plan governs detection, triage, and communication. The SBOM vulnerability management workflow governs exploitability determination. The PCCP's Modification Protocol governs execution and validation. The CAPA procedure (see CAPA and medical device cybersecurity) governs anything that falls outside the pre-authorized scope.
What the eSTAR package should show
For eSTAR submissions, the PCCP is a distinct attachment cross-referenced from the cybersecurity content. Reviewers expect three explicit references:
- The postmarket cybersecurity plan names the PCCP as the closure mechanism for in-scope modification categories.
- The PCCP's Impact Assessment cites the threat model and the security risk file so that pre-authorized modifications are bounded by the analyzed attack surface.
- The cybersecurity management plan ties both documents into the QMSR, see our cybersecurity management plan guide, the eSTAR v7 cybersecurity mapping, and the broader FDA 2026 final premarket cybersecurity guidance summary.
Missing any one of those references is a common deficiency and the fastest way to turn a workable PCCP into an RTA or Additional Information request.
The postmarket cybersecurity plan and the PCCP must reference each other by name in the submission. A PCCP that lists modifications with no link to the monitoring process, or a postmarket plan that names no pre-authorized fix path, reads as two disconnected workstreams and reviewers treat it that way.
Read next → Postmarket cybersecurity monitoring program guide for the detection-to-closure process the PCCP plugs into, and the FDA 2026 final premarket cybersecurity guidance summary for the Section 524B expectations both documents must satisfy.
Not sure if your patching cadence justifies a PCCP? Book a 30-minute PCCP scoping call and we will map your current change-control workflow against the postmarket plan and tell you where a PCCP would actually save time, and where it would not.
How Blue Goat Cyber Approaches This
We scope cybersecurity PCCPs against the device's threat model, SBOM, and postmarket plan so the Description of Modifications is bounded to what the security architecture actually supports. Our Modification Protocols reuse the security regression suites, SBOM/VEX workflow, and cryptographic validation harnesses we build during premarket, which means the PCCP inherits validated infrastructure rather than inventing new one. Our team holds CISSP and OSCP credentials with prior military red-team experience, and our work is grounded in the December 2024 final PCCP guidance, the February 3, 2026 final premarket cybersecurity guidance, Section 524B, AAMI TIR57 / SW96, and IEC 81001-5-1. If the FDA raises cybersecurity deficiencies after our submission, we resolve them at no additional cost. Start with our FDA cybersecurity submission service or our postmarket SBOM and VEX monitoring service.
Frequently Asked Questions
These are the questions FDA reviewers actually raise on non-AI PCCP submissions, and how to answer them cleanly. Each answer links to the relevant Blue Goat Cyber guide for the underlying detail.
Can a PCCP be used for something other than AI/ML?
Yes. The FDA's December 4, 2024 final Predetermined Change Control Plans for Medical Devices guidance applies to any modification a sponsor can pre-specify, bound, and validate through a documented protocol. AI/ML model updates were the original driver, but firmware releases, cybersecurity patches, SBOM component refreshes, and bounded hardware substitutions are all in scope. See the mechanics in our FDA PCCP change control plans guide.
How does a cybersecurity PCCP satisfy Section 524B postmarket obligations?
It does not satisfy them on its own. Section 524B(b)(2)(B) requires a plan to monitor, identify, and address vulnerabilities, that is the postmarket cybersecurity plan. The PCCP is the pre-authorized fix mechanism the plan routes to for in-scope modifications. Reviewers expect both, cross-referenced. Detail in our postmarket cybersecurity monitoring program guide and the FDA 2026 final premarket cybersecurity guidance summary.
What modifications must stay out of a cybersecurity PCCP?
Anything the sponsor cannot bound in advance: novel architectural changes, new indications for use, new interfaces to previously unconnected subsystems, changes that alter the analyzed attack surface, or fixes to threat model gaps that were not disclosed in the original submission. Those still require a new submission or a traditional change-control decision, see our FDA pathway cybersecurity differences guide.
Can a PCCP be added to a device that already has clearance?
Yes, through a supplement or new submission that includes the PCCP. The sponsor still has to justify the Description of Modifications, Modification Protocol, and Impact Assessment against the cleared indications for use. Use our FDA premarket cybersecurity submission checklist to confirm the surrounding package still lines up.
What are the fastest ways a non-AI PCCP gets rejected?
Unbounded modification language ("as needed"), a single generic Modification Protocol covering multiple classes, missing rollback criteria, and no cross-reference to the postmarket cybersecurity plan. See the full pattern in our 12 reasons the FDA rejects medical device cybersecurity submissions guide and the FDA cybersecurity deficiency letter examples.
Is a PCCP required for cybersecurity patching?
No. It is an option. Manufacturers can continue to handle security patches under existing change control. The PCCP is worth the investment when the patching cadence, cipher-agility program, or SBOM refresh workflow is frequent and bounded enough that pre-authorization saves meaningful engineering and regulatory time.
Ready to scope a cybersecurity PCCP for your device?
If your device ships crypto updates, firmware releases, or SBOM component bumps on a cadence and your change-control paperwork is the bottleneck, a cybersecurity-scoped PCCP is likely the right instrument. If the FDA raises cybersecurity deficiencies after our submission, we resolve them at no additional cost.
- Download the checklist → PCCP Beyond AI: Reviewer Rejection & Corrective-Action Checklist (PDF), 20 items across Description of Modifications, Modification Protocol, Impact Assessment, 524B postmarket interlock, and eSTAR placement.
- Talk to an expert → Schedule a 30-minute discovery call
- See the full service → FDA cybersecurity submission
- Wire it to postmarket → Postmarket SBOM & VEX monitoring
Christian Espinosa, Founder, Blue Goat Cyber, CISSP, OSCP. Christian has led premarket and postmarket cybersecurity programs for connected medical devices across Class II and Class III submissions and previously commanded military red-team operations. Read more at christian-espinosa.