Use this page as the single entry point to our Section 524B and eSTAR cybersecurity content. The statute, the February 3, 2026 final guidance, and the eSTAR fields where the artifacts get attached are all linked from here in the order a submission team actually works through them.
Section 524B of the FD&C Act, the FDA's February 3, 2026 final premarket cybersecurity guidance, and the eSTAR template are not three separate workstreams. They are one stack: 524B sets the obligation, the guidance defines the artifacts that prove it, and eSTAR is where those artifacts attach in the submission. This page links to the deep-dive guide for each layer in the order a submission team works through them.
1. Start with the statute
- FDA 524B Cybersecurity Requirements: Full Compliance Guide - the statute walkthrough.
- FDA Section 524B Subsections Index - directory of every (a), (b)(1)-(4), and (c) subsection.
- Section 524B Compliance Checklist - clause-by-clause submission deliverables.
2. Read the guidance the FDA actually applies
- FDA Cybersecurity Guidance Summary 2026 - what the February 3, 2026 final guidance changed.
- eSTAR v7.0 Cybersecurity Mapping to the 2026 Guidance - which guidance sections map to which eSTAR fields.
3. Build the eSTAR-ready package
- FDA Premarket Cybersecurity Deliverables & eSTAR v7.0 Map - the 18 deliverables mapped to eSTAR fields.
- eSTAR v6 vs v7 Cybersecurity Comparison - what changed and what carries over.
- eSTAR Cybersecurity Readiness Checklist - the pre-submission gate we run on every package.
4. Operationalize postmarket
- Postmarket Cybersecurity Readiness Plan - the 524B(b)(1) plan reviewers expect.
- SBOM Vulnerability Management for Medical Devices - SBOM monitoring, VEX, and KEV triage in production.
- FDA Cybersecurity Deficiency Response Checklist - close a hold without a second round.
How Blue Goat Cyber helps
We map your device to every applicable 524B subsection, draft the artifacts the February 2026 guidance expects, and assemble the eSTAR-ready package. If the FDA raises cybersecurity deficiencies after our submission, we resolve them at no additional cost. See FDA premarket cybersecurity services.
Sources & primary references
- Section 524B of the Federal Food, Drug, and Cosmetic Act (21 U.S.C. 360n-2)
- FDA, Cybersecurity in Medical Devices: Quality Management System Considerations and Content of Premarket Submissions (final guidance, February 3, 2026)
- FDA eSTAR templates (non-IVD v7.0, IVD v7.0)