What is UL Standard 2900?
What does the UL 2900-1 standard cover?
UL 2900 is a series of standards developed as part of UL’s Cybersecurity Assurance Program for assessing product weaknesses, vulnerabilities, and security risk controls. The standards present general software cybersecurity requirements for network-connectable products (UL 2900-1), as well as requirements specifically for medical and healthcare systems (UL 2900-2-1), industrial control systems (UL 2900-2-2), and security and life safety signalling systems (UL 2900-2-3).
UL 2900-1, the UL Standard for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements, was published and adopted as an ANSI (American National Standards Institute) standard in July 2017. While not a lengthy document, it is used to evaluate and test network-connected devices for security vulnerabilities, software weaknesses, and malware. The document describes the following requirements and methods:
- Requirements regarding the software developer (vendor or other supply chain member) risk management process for their product.
- Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses, and malware.
- Requirements regarding the presence of security risk controls in the architecture and design of a product.