cybersecurity-risk-assessor
Medical device cybersecurity risk assessment skill per FDA premarket and postmarket guidance
Best use case
cybersecurity-risk-assessor is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using cybersecurity-risk-assessor should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/cybersecurity-risk-assessor/SKILL.md inside your project
- Restart your AI agent; it will auto-discover the skill
How cybersecurity-risk-assessor Compares
| Feature / Agent | cybersecurity-risk-assessor | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Medical device cybersecurity risk assessment skill per FDA premarket and postmarket guidance
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Cybersecurity Risk Assessor Skill
## Purpose
The Cybersecurity Risk Assessor Skill evaluates cybersecurity risks for medical devices per FDA guidance and IEC 81001-5-1, supporting threat modeling, vulnerability assessment, and security control implementation.
## Capabilities
- Threat modeling (STRIDE methodology)
- Vulnerability assessment
- SBOM (Software Bill of Materials) generation
- Security control identification
- Penetration testing planning
- Cybersecurity documentation for FDA submissions
- Attack surface analysis
- Security architecture review
- Coordinated vulnerability disclosure planning
- Postmarket cybersecurity management
- Patch management planning
## Usage Guidelines
### When to Use
- Assessing device cybersecurity risks
- Planning penetration testing
- Preparing FDA cybersecurity submissions
- Managing software dependencies
### Prerequisites
- Software architecture documented
- Network connectivity defined
- Data flows identified
- Third-party components cataloged
### Best Practices
- Integrate cybersecurity from design inception
- Maintain current SBOM
- Plan for security updates throughout lifecycle
- Establish vulnerability disclosure process
## Process Integration
This skill integrates with the following processes:
- Software Development Lifecycle (IEC 62304)
- Medical Device Risk Management (ISO 14971)
- 510(k) Premarket Submission Preparation
- Post-Market Surveillance System Implementation
## Dependencies
- FDA Cybersecurity guidance
- IEC 81001-5-1 standard
- SBOM tools (CycloneDX, SPDX)
- Vulnerability databases (NVD, CVE)
- Threat modeling frameworks
## Configuration
```yaml
cybersecurity-risk-assessor:
  threat-methodologies:
    - STRIDE
    - PASTA
    - attack-trees
  sbom-formats:
    - CycloneDX
    - SPDX
  security-tiers:
    - Tier-1-higher
    - Tier-2-standard
  control-frameworks:
    - NIST-CSF
    - IEC-62443
```
## Output Artifacts
- Threat models
- Vulnerability assessments
- SBOM documents
- Security architecture documents
- Penetration test plans
- FDA cybersecurity submissions
- Security control matrices
- Patch management plans
## Quality Criteria
- All threat vectors identified
- Vulnerabilities assessed with CVSS scores
- SBOM is complete and current
- Security controls address identified risks
- Documentation meets FDA requirements
- Postmarket security plan established