Назад към всички

cybersecurity-risk-assessor

// Medical device cybersecurity risk assessment skill per FDA premarket and postmarket guidance

$ git log --oneline --stat
stars:384
forks:73
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namecybersecurity-risk-assessor
descriptionMedical device cybersecurity risk assessment skill per FDA premarket and postmarket guidance
allowed-toolsRead,Write,Glob,Grep,Edit,Bash
metadata[object Object]

Cybersecurity Risk Assessor Skill

Purpose

The Cybersecurity Risk Assessor Skill evaluates cybersecurity risks for medical devices per FDA guidance and IEC 81001-5-1, supporting threat modeling, vulnerability assessment, and security control implementation.

Capabilities

  • Threat modeling (STRIDE methodology)
  • Vulnerability assessment
  • SBOM (Software Bill of Materials) generation
  • Security control identification
  • Penetration testing planning
  • Cybersecurity documentation for FDA submissions
  • Attack surface analysis
  • Security architecture review
  • Coordinated vulnerability disclosure planning
  • Postmarket cybersecurity management
  • Patch management planning

Usage Guidelines

When to Use

  • Assessing device cybersecurity risks
  • Planning penetration testing
  • Preparing FDA cybersecurity submissions
  • Managing software dependencies

Prerequisites

  • Software architecture documented
  • Network connectivity defined
  • Data flows identified
  • Third-party components cataloged

Best Practices

  • Integrate cybersecurity from design inception
  • Maintain current SBOM
  • Plan for security updates throughout lifecycle
  • Establish vulnerability disclosure process

Process Integration

This skill integrates with the following processes:

  • Software Development Lifecycle (IEC 62304)
  • Medical Device Risk Management (ISO 14971)
  • 510(k) Premarket Submission Preparation
  • Post-Market Surveillance System Implementation

Dependencies

  • FDA Cybersecurity guidance
  • IEC 81001-5-1 standard
  • SBOM tools (CycloneDX, SPDX)
  • Vulnerability databases (NVD, CVE)
  • Threat modeling frameworks

Configuration

cybersecurity-risk-assessor:
  threat-methodologies:
    - STRIDE
    - PASTA
    - attack-trees
  sbom-formats:
    - CycloneDX
    - SPDX
  security-tiers:
    - Tier-1-higher
    - Tier-2-standard
  control-frameworks:
    - NIST-CSF
    - IEC-62443

Output Artifacts

  • Threat models
  • Vulnerability assessments
  • SBOM documents
  • Security architecture documents
  • Penetration test plans
  • FDA cybersecurity submissions
  • Security control matrices
  • Patch management plans

Quality Criteria

  • All threat vectors identified
  • Vulnerabilities assessed with CVSS scores
  • SBOM is complete and current
  • Security controls address identified risks
  • Documentation meets FDA requirements
  • Postmarket security plan established