Recently, security risks have been become inherently more public and the advent of software in a manufacturer’s supply chain can drive these risks to affect both the safety and performance of the product they manufacture and the relevant systems in which the product is implemented. With the emergence of the Internet of Things (IoT) many systems are now more susceptible to security flaws that may compromise these systems and affect their true intended purpose.
To assist manufacturers who develop these products and purchasers who acquire these products; UL has developed a series of standards under UL 2900 that aims to provide a minimum set of requirements that manufacturers of network-connectable products can pursue to establish a baseline of protection against vulnerabilities and software weaknesses, along with a minimum set of security risk controls and documentation to consider relative to their existing overall product risk assessments. These requirements can apply to multiple ecosystems of products. Some examples are healthcare systems, industrial automation and SCADA systems, transportation and automotive systems, building automation systems, life safety systems (such as smoke detectors and intrusion panels), critical infrastructure, smart home & consumer devices and applications, and software applications.