Threat Modeling for Medical Devices
Threat modeling is the foundation of every credible cybersecurity submission - and the section reviewers scrutinize most. This hub collects our threat modeling service, FDA-aligned methodology, the 12 gaps we see most often, and how STRIDE maps to AAMI SW96 risk management.
Services
- Medical Device Threat Modeling
Comprehensive threat modeling per FDA Section V.A.1 - covering supply chain, deployment, environment of use, and decommission risks for the full device system.
- Secure MedTech Product Design
Architecture review, control selection, and secure development guidance from concept through V&V - aligned with FDA's Secure Product Development Framework.
- Full-Service FDA Premarket Cybersecurity
Full-service, end-to-end: we deliver 100% of the artifacts FDA reviewers expect for 510(k), De Novo, and PMA submissions - traceable, complete, and aligned with current 524B guidance.
In-depth guides
- 12 Critical Threat-Modeling Gaps in SubmissionsA practical, ungated guide to the threat modeling gaps that trigger FDA cybersecurity questions in 510(k), De Novo, and PMA submissions - and exactly how to close them before reviewers find them.
- The SPDF PlaybookSPDF PLAYBOOK · FDA CYBERSECURITY GUIDE The SPDF Playbook for FDA-Ready Medical Devices A practical, ungated guide to building a Secure Product Development Framework that FDA accepts. The eight pillars, the artifacts each one produces, and a pre-submission readiness checklist you can score yourself
Standards & guidance
Defined entries from our MedTech Cybersecurity Standards Glossary.
- ANSI/AAMI SW96Medical Device Security Risk ManagementThe consensus standard for medical device security risk management - asset, threat, vulnerability, likelihood, severity, and residual risk acceptability.
- AAMI TIR57Principles for Medical Device Security – Risk ManagementThe MedTech-specific extension of ISO 14971 for cybersecurity. Defines how to identify cybersecurity assets, threats, and vulnerabilities, then estimate, evaluate, and control the resulting risk.
- ISO 14971Medical Device Risk ManagementThe umbrella risk-management standard for medical devices. Defines hazard identification, risk estimation, risk evaluation, risk control, and residual risk evaluation. Cybersecurity risks must be reconciled here so a security control never silently introduces a safety hazard.
- SPDFSecure Product Development FrameworkA documented framework that shows security activities are integrated across the device lifecycle - not bolted on at the end. Includes secure requirements, threat modeling, secure coding, V&V, vulnerability management, and post-market response.
- FDA 2026 GuidanceFDA Premarket Cybersecurity Guidance (Feb 3, 2026)The FDA's final premarket cybersecurity guidance, effective February 3, 2026. Defines the seven-section cybersecurity submission format reviewers now enforce at Technical Screening, replacing the 2023 draft. Operationalizes Section 524B of the FD&C Act.
From the blog
- Threat Modeling Connected & Implantable DevicesIf you're asking how to conduct a cybersecurity threat model for a connected or implantable medical device, the first thing to understand is that this is not the same exercise as modeling a web application or enterprise network. The stakes are categorically different. A missed attack vector on a hos
- AAMI TIR57 Risk Management for Medical DevicesA practical guide to AAMI TIR57 (R2023) and how it supports FDA’s Feb 2026 cybersecurity guidance - risk analysis, controls, and evidence.
- A Guide to FMEA for Medical Devices: Including Cybersecurity Failure ModesLearn FMEA for medical devices with practical examples - including cybersecurity failure modes - so QA/RA and engineering teams can prioritize risk and actions.
Threat Modeling for Medical Devices - frequently asked questions
Get FDA cleared without the cybersecurity headaches.
30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ submissions.