What is UL Standard 2900?
What does the UL 2900-1 standard cover?
UL 2900 is a series of standards developed as part of UL’s Cybersecurity Assurance Program for assessing product weaknesses, vulnerabilities, and security risk controls. The standards present general software cybersecurity requirements for network-connectable products (UL 2900-1), as well as requirements specifically for medical and healthcare systems (UL 2900-2-1), industrial control systems (UL 2900-2-2), and security and life safety signalling systems (UL 2900-2-3).
UL 2900-1, the UL Standard for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements, was published and adopted as an ANSI (American National Standards Institute) standard in July 2017. While not a lengthy document, it is used to evaluate and test network-connected devices for security vulnerabilities, software weaknesses and malware. The document describes the following requirements and methods:
- Requirements regarding the software developer (vendor or other supply chain member) risk management process for their product.
- Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses, and malware.
- Requirements regarding the presence of security risk controls in the architecture and design of a product.
Who is UL?
UL is a globally recognised third-party non-profit organisation that has been testing and approving products for consumer safety since 1894. Currently, UL operates in more than 70 countries and performs safety testing on 18,750 categories of electrical, mechanical and chemical products.
Learn more - https://www.ul.com/resources/ul-cybersecurity-assurance-program-ul-cap