Skip to main content

Maturity Path

Secure development life cycle maturity assessment

Login or register Request a demo

Strengthening consistent security throughout your connected product lines

Beyond tactical security and compliance considerations, a holistic analysis of governance and processes used in developing and rolling out connected products is required for a sustainable, lasting security and compliance posture.

 

Challenges for connected device stakeholders

Connected devices stakeholders face increasingly sophisticated cybersecurity challenges in today’s highly connected world. Some of their key issues include:

  • Clarity on the company’s standing in terms of product security practices.
  • Knowing whether product development processes are in line with industry-specific standards.
  • Identifying actions to take in terms of process improvements, security techniques and mechanisms.
  • Understanding whether the connected device infrastructure is developed, deployed and operated securely.
  • Knowing what they should focus on to get to the proper security maturity.

 

 

Assess the maturity of your product security program and set the right direction with Maturity Path

What is UL’s Maturity Path solution?

Maturity Path provides a security development lifecycle maturity assessment for connected devices to help companies ensure consistent security across governance and processes throughout product lines. With this holistic overview and analysis, companies can better manage risks and minimize vulnerabilities.

Maturity Path is for product security and development teams at device manufacturers, suppliers or system integrators developing connected products and looking to assess their secure development life cycle governance and processes against a robust framework, considering industry-specific standards.

How Maturity Path works

Through a secure web interface and the use of UL’s product development maturity assessment framework based on the Open Web Application Security Project (OWASP) Software Assurance Maturity Model, device manufacturers, suppliers and system integrators can have their teams answer questions with corresponding documentation to define current security maturity scores for their product lines. Assessed product lines can also receive a certification readiness score on industry-specific standards and guidelines, including:

  • UL 2900, the Series of Standards for industrial and healthcare devices and components
  • IEC 62443-4-1 and IEC 62443-4-2 for industrial devices and components
  • ISO 21434 for automotive devices and components
  • IoT Security Rating (ETSI 303 645 compatible) for connected home devices and components

 

The Maturity Path assessment can either be:

Self assessment icon

Self-assessment

Free of charge

User icon + document certificate icon

Evaluator-led assessment

Leading to a certified report

 

Self-assessment          Evaluator-led assessment

Connected device stakeholders who have a good understanding of the Maturity Path criteria along with the appropriate cybersecurity resources can perform the self-assessment.

Upon completion of the complimentary self-assessment, stakeholders can pay for the self-assessment verification fee where UL verifies that the scope in the self-assessment report is consistent with the scope defined at the Registration & Scoping stage.

UL can also help connected device stakeholders define their current security maturity state and define a road map for improvement with a target security maturity score based on their business and security goals. Stakeholders with a good understanding of the product development maturity criteria but without the resources to perform the assessment may choose to have a certified assessment. A senior UL evaluator will interview the vendor through the platform and perform the assessment with their input.

The maturity assessment will be valid for one year, after which recertification will be required.

 

 

Industry-specific Standards supported

Industry  Standard Description
Automotive ISO 21434 Standard for automotive devices and components
Healthcare UL 2900 Series Standards for healthcare devices and components
Industrial UL 2900 Series
IEC 62443-4-1
IEC62443-4-2
Standards for industrial devices and components
IoT IoT Security Rating (ETSI 303 645 compatible) Standards for connected home devices and components

 

 

Customer benefits

 

Security update icon

Find out what your security governance and processes standing is for all your product lines in one integrated digital solution.

Certificate icon

Navigate quickly and easily with our intuitive user interface. Get started today: self-register on the solution and run a self-assessment or ask for a UL evaluator to conduct a certified assessment.

Conversation icon

Collaborate with your team and/or interact with your assigned UL evaluator through the solution.

Secure communication icon

Obtain a certification readiness score on leading industry-specific standards for Industry 4.0, healthcare, automotive and consumer electronics devices.

Hand shield icon

Communicate your security maturity level easily with internal and external stakeholders.

Laptop pie chart icon

Achieve clarity on where you stand and what you can improve on.

Download a Maturity Path fact sheet

Maturity Path is for product security and development teams at device manufacturers, suppliers or system integrators developing connected products to assess their secure development lifecycle governance and processes against a robust framework, considering industry-specific standards.

Download fact sheet

Have more questions about Maturity Path? Explore our Technical Guide and FAQs.

Get in touch

Have questions, need specifics? Let's get this conversation started.

Help and support

How can we help?