Global safety science organization, UL (Underwriters Laboratories), has launched its new cybersecurity assurance program – UL CAP.
Using the new UL 2900 series of standards, UL CAP offers testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls, and increase security awareness.
The UL 2900 series of standards outline technical criteria for testing and evaluating the security of products and systems that are network-connectable. These standards form a baseline set of technical requirements to measure and then elevate the security posture of products and systems.
Meeting these requirements allows a product or system to be certified by UL as “UL 2900 compliant.” Additionally, UL 2900 can support the evaluation of a vendor’s processes for design, development, and maintenance of secure products and systems.
The assurance program has been designed for vendors looking for trusted support in assessing security risks, as well as for purchasers who want to source products that have been validated by a trusted third party.
“The more devices become interconnected, the greater the potential security risks to products and services across all sectors,” UL Director of Connected Technologies Rachna Stegall said. “The Cybersecurity Assurance Program’s purpose is to help manufacturers, purchasers and end-users, both public and private, mitigate those risks via methodical risk assessments and evaluations.”
UL CAP was developed with input from major stakeholders representing the U.S. Federal government, academia, and industry, to elevate the security measures deployed in the critical infrastructure supply chain.
UL CAP can help vendors identify security risks in their products and systems. It suggests methods for mitigating those risks in a range of industry functions including industrial control systems, medical devices, automotive, HVAC, lighting, smart home, appliances, alarm systems, fire systems, building automation, smart meters, network equipment, and consumer electronics.