Built for medical device cybersecurity teams.
Quick, no-signup tools that mirror how the FDA actually reviews cyber devices. Use them to scope work, find gaps, and pressure-test your submission story before a reviewer does.
PCCP Builder
Scope a Predetermined Change Control Plan for your AI/ML-enabled device. Get a structured outline of modifications, methods, and impact assessment.
Open toolSection 524B Applicability Checker
Does your device meet the FD&C Act §524B 'cyber device' definition? Six questions tell you whether SBOM, threat modeling, and the full premarket package are mandatory.
Open toolSaMD / SiMD + EU Rule 11 Classifier
Classify your product as Software as a Medical Device or Software in a Medical Device, then map it to EU MDR Rule 11 risk class and the cyber evidence each path requires.
Open toolSBOM Readiness Checker
Score your software bill of materials + supply-chain program against current FDA premarket and postmarket expectations: format, depth, VEX, monitoring, SLSA build provenance, Sigstore signing, AI-generated code tracking, dependency-confusion defenses.
Open toolSBOM Diff & VEX Drafter
Paste two SBOMs (SPDX or CycloneDX). See added / removed / version-bumped components, KEV-relevant flags, and a CycloneDX VEX stub ready to publish.
Open toolThird-Party Component Risk Scorecard
Score one third-party component on maintenance, provenance, OSSF posture, CVEs, license, origin, AI training-data provenance, and medical-device fit. Get a go / caution / no-go verdict.
Open toolLegacy / End-of-Support Triage
For devices stuck on Windows 10 IoT, RHEL 7, or unsupported chipsets - generates an FDA-style compensating-controls memo and TPLC verdict.
Open toolWireless & Physical Interface Profiler
Pick the interfaces your device exposes - Wi-Fi, BLE, BR/EDR, NFC, RFID, USB-OTG, JTAG, CAN - get per-interface threats, pen-test scoping, and required premarket evidence.
Open toolThreat Model Starter (STRIDE)
Pick your interfaces and assets; get a structured STRIDE threat list to drop into AAMI TIR57 / SW96 documentation as the starting point for a formal threat model.
Open toolCVD Policy Generator
Produce a Section 524B-aligned Coordinated Vulnerability Disclosure policy ready to publish. ISO 29147 structure with your SLAs and contact details baked in.
Open toolFDA Deficiency Letter Triage
Paste an FDA cybersecurity AI request or hold letter. We categorize each ask and outline a structured response with required evidence.
Open toolPostmarket Cadence Calculator
Risk class + connectivity + PHI sensitivity → monitoring, patch, pen test, and FDA-reporting SLAs that match reviewer expectations.
Open tooleSTAR Cybersecurity Checklist
Sixteen artifacts FDA reviewers look for in the eSTAR cybersecurity sections. Check what you have; we show what's missing and where it goes.
Open toolFDA Cybersecurity Readiness Quiz
Seven-question score against the current FDA premarket cybersecurity guidance with a gap list and fastest path to clearance.
Open toolCost of Delay Calculator
Translate every week of submission slip into lost revenue, gross margin, and runway burn.
Open toolPen Test Scope Estimator
Architecture and interface inputs → recommended penetration test scope and rough effort range.
Open tool