The complete guide to NFC and RFID cybersecurity for FDA-regulated medical devices - vulnerabilities, threat modeling, test evidence, and §524B / SPDF documentation.
Reviewed by Christian Espinosa, MBA, CISSP · Founder & CEO
Published October 2024 · Last reviewed May 2026
The complete guide to NFC and RFID cybersecurity for FDA-regulated medical devices - vulnerabilities, threat modeling, test evidence, and §524B / SPDF documentation.
Dive deeper with these companion articles:
FDA clearance is the beginning of your cybersecurity obligations, not the finish line. Postmarket cybersecurity for medical devices is an active, continuous requirement that most manufacturers underestimate until a problem forces their hand. Most invest significant resources building premarket docum
Receiving an FDA cybersecurity Additional Information Request (AIR) doesn't mean your submission is dead. It means the clock is ticking, and the next move has to be precise. FDA issues these requests when reviewers find specific, documented gaps in your cybersecurity package, and they expect every g
Here's a pattern Blue Goat Cyber sees regularly: a medical device manufacturer arrives at premarket submission with an ISO 27001 certificate in hand, convinced their cybersecurity story is complete. Weeks later, a deficiency letter arrives. The FDA isn't questioning their information security postur
Every Blue Goat Cyber engagement maps directly to FDA Section 524B and the SPDF - so the evidence you need lands in your submission, not in a separate report.
30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ submissions.
