Deep dives on FDA expectations, threat modeling, penetration testing, SDLC, and the standards your team is being asked to meet.
Showing 12 of 284 articles · Page 1 of 24
%22%3E%0A%20%3Cstop%20offset%3D%220%25%22%20stop-color%3D%22%230b132b%22%2F%3E%0A%20%3Cstop%20offset%3D%22100%25%22%20stop-color%3D%22%233a86ff%22%2F%3E%0A%20%3C%2FlinearGradient%3E%0A%20%3Cpattern%20id%3D%22dots%22%20width%3D%2220%22%20height%3D%2220%22%20patternUnits%3D%22userSpaceOnUse%22%20patternTransform%3D%22rotate(40)%22%3E%0A%20%3Ccircle%20cx%3D%222%22%20cy%3D%222%22%20r%3D%221.2%22%20fill%3D%22rgba(255%2C255%2C255%2C0.18)%22%2F%3E%0A%20%3C%2Fpattern%3E%0A%20%3C%2Fdefs%3E%0A%20%3Crect%20width%3D%22800%22%20height%3D%22450%22%20fill%3D%22url(%23g)%22%2F%3E%0A%20%3Ccircle%20cx%3D%22640%22%20cy%3D%22115%22%20r%3D%22148%22%20fill%3D%22rgba(255%2C255%2C255%2C0.08)%22%2F%3E%0A%20%3Ccircle%20cx%3D%22160%22%20cy%3D%22335%22%20r%3D%2289%22%20fill%3D%22rgba(0%2C0%2C0%2C0.12)%22%2F%3E%0A%20%3Crect%20width%3D%22800%22%20height%3D%22450%22%20fill%3D%22url(%23dots)%22%2F%3E%0A%20%3Cg%20font-family%3D%22ui-sans-serif%2Csystem-ui%2C-apple-system%2CSegoe%20UI%2CRoboto%22%20fill%3D%22rgba(255%2C255%2C255%2C0.95)%22%3E%0A%20%3Ctext%20x%3D%2248%22%20y%3D%22380%22%20font-size%3D%2244%22%20font-weight%3D%22700%22%20letter-spacing%3D%22-1%22%3EFDA%20Compliance%3C%2Ftext%3E%0A%20%3Ctext%20x%3D%2248%22%20y%3D%22412%22%20font-size%3D%2216%22%20opacity%3D%220.75%22%20letter-spacing%3D%222%22%3EBLUE%20GOAT%20CYBER%3C%2Ftext%3E%0A%20%3C%2Fg%3E%0A%3C%2Fsvg%3E)
Class I, II, III doesn't decide your FDA cybersecurity burden. Section 524B's cyber-device test and whether you file a premarket submission do. Here's how it actually works.
Read article
What the FDA's Feb 2026 premarket cybersecurity guidance says (and doesn't say) about AI-run penetration testing, where AI helps, where it fails a 524B.
Read article
How the FDA flags cybersecurity gaps in PMA submissions - RTF, Major Deficiency, Approvable, and Complete Response Letters for combination products - and how to respond.
Read article
Which PMA submission type a cybersecurity change requires - 180-day supplement, Real-Time, Special, 30-day notice, or annual report - and the decision logic under Section 524B.
Read article
How the FDA distinguishes Major from Minor cybersecurity deficiencies in 510(k) and PMA reviews, the response-window difference, and how to keep findings out of the Major column.
Read article
How cybersecurity expectations apply to De Novo submissions under Section 524B - SPDF, SBOM, threat model, testing - and where De Novo differs from 510(k) and PMA.
Read article
IEC 81001-5-1 vs AAMI SW96 compared side-by-side: scope, lifecycle vs risk focus, FDA recognition, and which to anchor your Secure Product Development Framework on.
Read article
Where CAN/CANopen shows up inside medical devices, the attack paths FDA reviewers want modeled, and the controls that actually hold up under pen test.
Read article
How to build FDA-defensible fuzz harnesses for the protocols medical devices actually speak. Per-protocol tooling, grammar sources, seed corpus strategy, coverage signal, and where AI helps (and where it doesn't).
Read article
CVSS 3.1 vs 4.0 for medical devices compared - vector strings explained metric by metric, why 4.0's Safety and Automatable metrics matter for patient harm, and how to handle the transition in FDA submissions and postmarket VEX.
Read article
What the FDA's Feb 2026 premarket guidance actually requires for medical device penetration testing - what's inside a real pen test, what's separate.
Read article
When a cybersecurity change to a cleared medical device stays as a letter to file in the DHF, and when it forces a new 510(k).
Read article30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.
