Underwriters Laboratories is a global safety consulting and certification company. They published the UL 2900. So, what’s this standard? Read this post to find more.
The UL 2900 And Its Importance
It is a series of standards that present general cybersecurity requirements. Especially for the following:
- UL 2900-1, which is the requirement for network-connectable products
- UL 2900-2-1, the specific requirements for medical and healthcare systems
- The UL 2900-2-2, this one is for industrial controls systems, and
- UL 2900-2-3 for security and life safety signaling systems.
These standards are important. That’s because increasing volumes of products today are becoming more interconnected. Also, the more interconnected things, the more they become vulnerable to cyberattacks and breaches.
Additionally, around 61% of organizations had to deal with security incidents. And these incidents are mostly related to products. Products with levels of IoTs they have deployed. Each device that connects to the internet, means a potential entry point. Especially for cyberattackers.
So, security precautions for the Internet of Things devices are businesses and consumers.
The Coverage Of The Standards
The following are the scope of each series.
UL 2900-1
In July 2017, it is being published and adopted as the “American National Standards Institute”. This standard aims to test and test “network-connectable products” for vulnerabilities. As well as software weaknesses and malware.
Additionally, this part describes the following requirements and methods:
- Requirements about software developer risk management process for their products.
- Methods of evaluating and testing vulnerabilities, weaknesses, and malware.
- Requirements concerning the presence of security risk controls. And in particular with product design and architecture.
UL 2900-2-1
It’s also published and adopted as an ANSI standard last September 2017. This standard particularly applies to the testing of network-connected components of healthcare systems.
Moreover, this includes the list below:
- The medical devices and their accessories
- The medical device data systems
- In-vitro diagnostics devices, and
- Health information technology as well as wellness devices
Further, the FDA officially recognized this standard last June 2018.
UL 2900-2-2
This outlines the particular requirements for industrial control systems. March 2016 when it is being published. But it was not developed into a standard and published.
This series should include the Programmable Logic Controllers and Distributed Control Systems. It also includes Process Control Systems as well as SCADA servers, etc.
UL 2900-2-3
This series outlines the requirements for Security and Life Safety Signaling Systems. It particularly applies to the evaluation of security and life safety signaling system components. But, like the other, this series also was not developed and published. Like the other one.
The scope of this series includes alarm control units. As well as the intrusion detection equipment and alarm automation system software. It further includes anti-theft equipment. And fire alarm control systems as well as PSIM systems, etc.
The Certification
UL CAP stands for “Cybersecurity Assurance Program. It’s a certification program for evaluating Internet of Things security. Especially for network-connectable product systems.
Moreover, the benefits of this certification are:
- Gaining competitive advantages
- Risk mitigation, and
- Opportunities for innovation.
Rate this post: