Premarket
Building, testing, and documenting before submission.
Topics for the premarket phase
Overview
Start here. The big picture for MedTech security.
SPDF
Bake security into every stage of the device lifecycle.
Threat Modeling
Identify and reason about threats before they ship.
Pentesting
What's in scope (hardware, firmware, wireless, cloud, mobile), the methods reviewers expect, and how to read a pentest report against FDA cybersecurity guidance.
Premarket
Submit a cybersecurity package the FDA will accept.
AI/ML Devices
Adversarial ML, model integrity, PCCPs, and the security surface unique to learning-enabled devices.
Checklists for premarket and adjacent phases
Section-by-section checklist mirroring FDA's RTA cybersecurity items: security risk management, SBOM, threat model, testing evidence, labeling, and CVD policy.
What every cybersecurity reviewer (FDA or hospital) looks for in an SBOM: format, depth, signatures, hashes, supplier identification, and paired VEX statements.