Last reviewed: May 1, 2026
Listen now
What are the 18 required cybersecurity deliverables for a pre-market submission, and how do they map to eSTAR’s 13 sections?
This episode breaks down the cybersecurity deliverables required for an FDA pre-market submission and explains why they apply consistently across all device types. Christian and Trevor walk through each deliverable in detail, outline how they map to eSTAR v6.0, and highlight common misconceptions that slow down manufacturers.
Key points:
(00:33) Why all devices - high-risk or low-risk - must submit the same 18 cybersecurity deliverables to the FDA.
(01:41) How device complexity influences documentation depth even though the deliverables never change.
(04:42) How the 18 deliverables map to the 13 sections of eSTAR version 6.0.
(09:50) The risk management report, threat model, risk assessment, and SBOM requirements.
(17:41) How to evaluate and categorize unresolved anomalies.
(20:04) How manufacturers should track remediation timelines and vulnerability density.
(23:52) The cybersecurity management plan and the extensive post-market responsibilities expected by the FDA.
Bring this work to your device
Need help with fda premarket cybersecurity?
Blue Goat Cyber delivers fda premarket cybersecurity services for medical device manufacturers - from threat modeling to FDA-ready reports.
FDA Premarket Cybersecurity ServicesMore on FDA Premarket Cybersecurity
Keep listening
-
Episode 69
Science Before Hype in MedTech Investing with Varun Turlapati of Chaanakya Capital
With Varun Turlapati
-
Episode 67
De-Risking Product Decisions in MedTech Startups with Brent Lavin of Ironwood MedTech Partners
With Brent Lavin
-
Episode 65
Why Clinical Trials Are the Most Expensive Capital Outlay for Startups with Rob Bedford, CEO of Franklyn Health
With Rob Bedford
-
Episode 64
Traceability Requirements and Documentation Audit Trails with Dr. Basant Bajpai, CEO of Compliance MedQRA
With Dr. Basant Bajpai