Deep dives on FDA expectations, threat modeling, penetration testing, SDLC, and the standards your team is being asked to meet.
Showing 12 of 267 articles · Page 1 of 23
Where containers appear in medical devices, the testing the FDA expects under the Feb 3, 2026 guidance, and how container evidence maps to eSTAR v7.0 Slots 5, 6, 7, and 8.
Read article
The 8 eSTAR v7.0 cybersecurity slots are identical for IVD and nIVD submissions — but the content reviewers expect is not. The IVD-specific guidance, slot by slot, and the deficiency patterns we see most.
Read article
When the chip vendor's SBOM is enough, when it isn't, and what changes the moment a MedTech team modifies modem, radio, or SoC firmware — with the FDA-aligned evidence package.
Read article
What the FDA's Feb 2026 guidance expects in interoperability labeling for connected medical devices — what content goes in user docs, where it sits in eSTAR v7.0, and how to align with IEEE 11073, HL7 FHIR, and DICOM expectations.
Read article
How to design penetration test cases from a medical device threat model — the methodology that bridges STRIDE-style threats and concrete bench test execution, with traceability the FDA expects in Slot 7.
Read article
What the MDS2 / HSCC Manufacturer Disclosure Statement for Medical Device Security covers, what the FDA's Feb 2026 guidance expects in the disclosure, and where it fits in eSTAR v7.0 labeling.
Read article
What the FDA's Feb 2026 guidance expects in the unresolved cybersecurity anomalies assessment, how to document residual risk, and the deficiency pattern that follows when this section is missing or thin.
Read article
Section 524B(b)(1) makes patchability statutory. What the FDA's Feb 2026 guidance expects in the patch and update mechanism test evidence, the test cases reviewers look for, and the most common deficiency patterns.
Read article
DAST is a subset of FDA-required penetration testing. What the Feb 2026 guidance expects in eSTAR Slot 7, why a Burp scan alone fails review, and how to build a defensible Testing package.
Read article
What the FDA's Feb 2026 guidance recommends for IDE cybersecurity: informed consent, architecture views, SBOM, labeling, and what's not required yet.
Read article
The real dollar and timeline cost of bolting cybersecurity onto a MedTech device after MVP. Which decisions are free before MVP, expensive after, and what you can defer until post-market-fit.
Read article
How to design, isolate, and defend the update channel for connected medical devices - signed manifests, dual-bank A/B, rollback protection, HSM-backed signing, TUF/Uptane, and what the FDA expects in the submission.
Read article30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.
