UL Cybersecurity Assurance Program – Evaluating Network-Connectable Products & Systems Per Common Security Requirements
With the emergence of the Internet of Things
To assist manufacturers who develop these products and purchasers who acquire these products; UL has developed a series of standards under UL 2900 that aims to provide a minimum set of requirements that manufacturers of network-connectable products can pursue to establish a baseline of protection against vulnerabilities and software weaknesses, along with a minimum set of security risk controls and documentation to consider relative to their existing overall product risk assessments. These requirements can apply to multiple ecosystems of products. Some examples are healthcare systems, industrial automation and SCADA systems, transportation and automotive systems, building automation systems, life safety systems (such as smoke detectors and intrusion panels), critical infrastructure, smart home & consumer devices and applications, and software applications.
- History of cybersecurity risk
- Fundamentals of developing products with security in mind:
- Assessing and addressing known vulnerabilities and malware
- Identifying software weaknesses that are common causes of known security vulnerabilities
- Common security controls around:
- Access control and authentication
- Remote communications
- Software updates
- Decommissioning of products
- How to develop a robust methodology for identifying risks in a manufacturers’ software supply chain
Whether it is certification or training, UL is here to help. We hope this is another reason why you continue to rely on UL to certify, validate, test, inspect, audit, advise and educate.
Questions? Contact Us
For specific questions or assistance selecting the right solution, please contact us at ULCyber@ul.com.