UL Cybersecurity Assurance Program – Evaluating Network-Connectable Products & Systems Per Common Security Requirements

With the emergence of the Internet of Things (IoT), many systems are now more susceptible to security flaws that may compromise them and affect their intended purpose.

To assist manufacturers who develop these products and purchasers who acquire them, UL has developed a series of standards under UL 2900 that aims to provide a minimum set of requirements that manufacturers of network-connectable products can pursue to establish a baseline of protection against vulnerabilities and software weaknesses, along with a minimum set of security risk controls and documentation to consider relative to their existing overall product risk assessments. These requirements can apply to multiple ecosystems of products. Some examples are healthcare systems, industrial automation and SCADA systems, transportation and automotive systems, building automation systems, life safety systems (such as smoke detectors and intrusion panels), critical infrastructure, smart home & consumer devices and applications, and software applications.


  • History of cybersecurity risk
  • Fundamentals of developing products with security in mind:
    • Assessing and addressing known vulnerabilities and malware
    • Identifying software weaknesses that are common causes of known security vulnerabilities
    • Common security controls around:
      • Access control and authentication
      • Cryptography
      • Remote communications
      • Software updates
      • Decommissioning of products
  • How to develop a robust methodology for identifying risks in a manufacturer’s software supply chain

For specific questions or assistance selecting the right solution, please contact a UL Cybersecurity expert at ULCyber@ul.com or visit www.ul.com/cybersecurity.