Readiness tier
A plain-English rating that shows whether the package looks lower risk, moderate risk, or likely to raise reviewer questions.
FDA 524B Readiness Assessment for Medical Device Teams
See where your cybersecurity evidence may be thin before a 510(k), De Novo, PMA, or SaMD submission. Built for connected devices and software-driven products that need defensible FDA cybersecurity documentation.
This is focused on medical device submission readiness. It is not a generic IT cybersecurity maturity survey.
Takes about 3 minutes. No account required to start.
FDA 524B / eSTAR gap map
A focused view of missing or weak evidence across threat modeling, SBOM, vulnerability management, security architecture, testing, and update planning.
Next artifact list
A practical checklist of documents, diagrams, or testing evidence your team should tighten before FDA review.
Who this is for
- RA/QA teams preparing a cybersecurity section for FDA review.
- Founders and product leads getting a connected device or SaMD product ready for submission.
- Engineering and security teams turning technical controls into reviewer-friendly evidence.
- Teams with a 510(k), De Novo, PMA, or major software update coming up.
Who this is not for
- Hospital IT teams looking for enterprise security scoring.
- SOC 2, ISO 27001, or general corporate cybersecurity buyers.
- Teams looking for a generic vendor-risk questionnaire.
Sample report
Want the sample FDA 524B report first?
Send yourself the sample report and use it to compare against your current cybersecurity package. If the gaps look familiar, take the full assessment next.
We'll send the checklist to your inbox after a quick confirmation.
Start the assessment
Check your FDA 524B evidence package
Answer 14 questions mapped to FDA eSTAR cybersecurity evidence areas. You can unlock a personalized report after the score preview.
Question 1 of 140% complete
Do you have security architecture diagrams showing global system view, multi-patient harm view, updateability view, and security use case views?
FDA expects at minimum four distinct views. More complex devices need additional views beyond these.
FAQ
Common questions before you start
Does FDA 524B apply to us?
If your device includes software, connects to a network, receives updates, or depends on connected components, it is worth checking. The assessment helps surface whether your evidence is likely to match FDA expectations.
Is this only for connected devices?
The strongest fit is connected devices and SaMD, but software-driven devices can still have cybersecurity evidence obligations depending on architecture and intended use.
Do I need all my documentation finished before taking it?
No. The assessment is more useful before everything is final because it can show where the package is thin while there is still time to fix it.
What do I get?
You get a readiness tier, a gap map, and a practical list of evidence to tighten before review.
Is the information confidential?
CyberMed treats submissions as confidential. The assessment does not ask for source code, credentials, secrets, or protected health information.
Does this replace consulting?
No. It is a triage tool. Teams with material gaps can use the results to decide whether they need a focused readiness review, documentation support, or deeper testing.
Built by CyberMed, the team behind the 30-Day Cybersprint program. We help medical device teams turn cybersecurity gaps into submission-ready evidence.