Medical Device Pen Testing: FDA vs EU MDR 2026
Medical device pen testing under FDA vs EU MDR: the 5 FDA report elements, MDR Annex I §17.2/17.4, and how one report serves both submissions.
Read articleDeep dives on FDA expectations, threat modeling, penetration testing, SDLC, and the standards your team is being asked to meet.
Showing 12 of 285 articles · Page 1 of 24
Medical device pen testing under FDA vs EU MDR: the 5 FDA report elements, MDR Annex I §17.2/17.4, and how one report serves both submissions.
Read article
A five-source workflow (510(k), De Novo, PMA, MAUDE, FOIA) for mining FDA cybersecurity precedent by product code before a Section 524B filing.
Read article
The FDA PCCP guidance isn't AI-only. Use a predetermined change control plan for cybersecurity patches, firmware updates, and SBOM component swaps.
Read article
You're two years into product development and still "not ready" for cybersecurity? You're already late. When to start medical device cybersecurity, by phase.
Read article
A phase-by-phase mapping of the FDA's SPDF onto IEC 81001-5-1 activities, so dual FDA + EU submissions produce one artifact set instead of two.
Read article
IEC 62304 governs the software lifecycle. IEC 81001-5-1 adds security activities on top. Here's what each covers, where they overlap, and how they combine for the FDA and EU.
Read article
JSP2 is a development framework, MDS2 is a procurement disclosure form. Here's how the two artifacts complement each other across the device lifecycle.
Read article
The FDA lists JSP2, SPDF, IEC 81001-5-1, and ISA/IEC 62443-4-1 as acceptable cybersecurity frameworks. Here's how to actually pick one for your submission.
Read article
Choosing between MedCrypt, Finite State, and Blue Goat Cyber? Compare SBOM tools, vulnerability management, and FDA-required pen testing for your medical device
Read article
The premarket FDA cybersecurity submission checklist medical device teams use to pass 510(k) and PMA review under Section 524B and the 2026 guidance.
Read article
The FDA's Feb 3, 2026 guidance names 7 AI cyber threats, data poisoning, model inversion, evasion, leakage, overfitting, bias, drift, as 524B obligations.
Read article
Section 524B applies to a connected auto-injector when the device constituent has software and any electronic interface, regardless of whether CDER or CDRH leads review.
Read article30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.