cybersecurity-risk-assessor

# Cybersecurity Risk Assessor Skill ## Purpose The Cybersecurity Risk Assessor Skill evaluates cybersecurity risks for medical devices per FDA guidance and IEC 81001-5-1, supporting threat modeling, vulnerability assessment, and security control implementation. ## Capabilities - Threat modeling (STRIDE methodology) - Vulnerability assessment - SBOM (Software Bill of Materials) generation - Security control identification - Penetration testing planning - Cybersecurity documentation for FDA submissions - Attack surface analysis - Security architecture review - Coordinated vulnerability disclosure planning - Postmarket cybersecurity management - Patch management planning ## Usage Guidelines ### When to Use - Assessing device cybersecurity risks - Planning penetration testing - Preparing FDA cybersecurity submissions - Managing software dependencies ### Prerequisites - Software architecture documented - Network connectivity defined - Data flows identified - Third-party components cataloged ### Best Practices - Integrate cybersecurity from design inception - Maintain current SBOM - Plan for security updates throughout lifecycle - Establish vulnerability disclosure process ## Process Integration This skill integrates with the following processes: - Software Development Lifecycle (IEC 62304) - Medical Device Risk Management (ISO 14971) - 510(k) Premarket Submission Preparation - Post-Market Surveillance System Implementation ## Dependencies - FDA Cybersecurity guidance -...