Built for medical device cybersecurity teams.
Quick, no-signup tools that mirror how the FDA actually reviews cyber devices. Use them to scope work, find gaps, and pressure-test your submission story before a reviewer does.
Premarket scoping
Figure out which rules apply, which pathway you're on, and what the FDA will actually ask for.
Section 524B Applicability Checker
Does your device meet the FD&C Act §524B 'cyber device' definition? Six questions tell you whether SBOM, coordinated vulnerability disclosure, postmarket monitoring/patching, and the reasonable-assurance argument are statutorily mandatory.
SaMD / SiMD + EU Rule 11 Classifier
Classify your product as Software as a Medical Device or Software in a Medical Device, then map it to EU MDR Rule 11 risk class and the cyber evidence each path requires.
Submission Pathway Selector
Five questions → 510(k), De Novo, or PMA recommendation, with the cybersecurity evidence delta for each pathway under the FDA's Feb 3, 2026 final premarket guidance.
FDA Cybersecurity Readiness Quiz
Seven-question score against the FDA's Feb 3, 2026 final premarket cybersecurity guidance with a domain-by-domain gap list and the fastest next move.
SPDF Gap Checker
Score your Secure Product Development Framework across governance, design, V&V, postmarket, and supply chain - mapped to the Feb 3, 2026 final premarket guidance and IEC 81001-5-1.
SBOM & supply chain
Build, diff, and defend the software bill of materials and the components it points to.
SBOM Readiness Checker
Score your software bill of materials + supply-chain program against current FDA premarket and postmarket expectations: format, depth, VEX, monitoring, SLSA build provenance, Sigstore signing, AI-generated code tracking, dependency-confusion defenses.
SBOM Diff & VEX Drafter
Paste two SBOMs (SPDX or CycloneDX). See added / removed / version-bumped components, heuristic KEV-name flags, and a CycloneDX VEX stub ready to publish.
Third-Party Component Risk Scorecard
Score one third-party component on maintenance, provenance, OSSF posture, CVEs, license, origin, AI training-data provenance, and medical-device fit. Get a go / caution / no-go verdict.
Legacy / End-of-Support Triage
For devices stuck on Windows 10 IoT, RHEL 7, or unsupported chipsets - generates an FDA-style compensating-controls memo and TPLC verdict.
Threat modeling & testing
Map attack surface, draft your STRIDE register, and scope the pen test before a reviewer scopes it for you.
Wireless & Physical Interface Profiler
Pick from 17 wireless and physical interfaces - Wi-Fi, Cellular, BLE, BR/EDR, NFC, RFID, USB-OTG, JTAG, CAN, vendor cloud API, companion app, clinician portal, OTA - and get per-interface threats, pen-test scoping, and required premarket evidence.
Threat Model Starter (STRIDE)
Pick your interfaces and assets; get a structured STRIDE threat list to drop into AAMI TIR57 / SW96 documentation as the starting point for a formal threat model.
Pen Test Scope Estimator
Architecture and interface inputs → recommended penetration test scope and rough effort range.
Postmarket program
Stand up the monitoring, patch, CVD, and FDA-reporting cadence the guidance expects after launch.
Postmarket Cadence Calculator
Risk class + connectivity + PHI sensitivity → monitoring, patch, pen test, and FDA-reporting SLAs that match reviewer expectations.
Controlled vs Uncontrolled Risk Classifier
Six questions on reachability, harm, KEV/EPSS signal, access, mitigations, and monitoring → FDA-aligned verdict with next steps and 21 CFR 806 timeline.
CVD Policy Generator
Produce a Section 524B-aligned Coordinated Vulnerability Disclosure policy ready to publish. ISO 29147 structure with your SLAs and contact details baked in.
OTA Update Questionnaire
Score your patch / OTA update mechanism across signing, transport, deployment safety, and lifecycle. Get critical / high / medium gaps with concrete remediation.
Submission packaging
Pull the right artifacts together, draft change-control plans, and respond to deficiency letters.
eSTAR Cybersecurity Checklist
Sixteen artifacts FDA reviewers look for in the eSTAR cybersecurity sections. Check what you have; we show what's missing and where it goes.
MDS² Generator
Draft a Manufacturer Disclosure Statement for Medical Device Security against the 21 HN1-2019 sections. Markdown export for product security and regulatory review.
PCCP Builder
Draft a Predetermined Change Control Plan for your AI/ML-enabled device - a structured 8-section SDS-PCCP outlining modifications, methods, and impact assessment.
FDA Deficiency Letter Triage
Paste an FDA cybersecurity Additional Information (AI) request or hold letter. We pattern-match each ask to a category and outline a structured response with required evidence.
Business case
Quantify what a delay actually costs and make the budget conversation easy.