Strengthening consistent security throughout your connected product lines
Beyond tactical security and compliance considerations, a holistic analysis of governance and processes used in developing and rolling out connected products is required for a sustainable, lasting security and compliance posture.
Benefits for connected device stakeholders
Connected device stakeholders face increasingly sophisticated cybersecurity challenges in today’s highly connected world. Some of their key issues include:
- Clarity on the company’s standing in terms of product security practices.
- Knowing whether product development processes are in line with industry-specific standards.
- Identifying actions to take in terms of process improvements, security techniques and mechanisms.
- Understanding whether the connected device infrastructure is developed, deployed and operated securely.
Assess the maturity of your product security program and set the right direction with Maturity Path
What is UL Solutions’ Maturity Path solution?
Maturity Path provides a security development life cycle maturity assessment for connected devices to help companies ensure consistent security across governance and processes throughout product lines. With this holistic overview and analysis, companies can better manage risks and minimize vulnerabilities.
Maturity Path is for product security and development teams at device manufacturers, suppliers or system integrators developing connected products and looking to assess their secure development life cycle governance and processes against a robust framework, considering industry-specific standards.
How Maturity Path works
Through a secure web interface and the use of UL Solutions’ product development maturity assessment framework based on the Open Web Application Security Project (OWASP) Software Assurance Maturity Model, device manufacturers, suppliers and system integrators can have their teams answer questions with corresponding documentation to define current security maturity scores for their product lines. Assessed product lines can also receive a certification readiness score and report on industry-specific standards and guidelines, including:
- UL 2900, the Series of Standards for industrial and healthcare devices and components
- IEC 62443-4-1 and IEC 62443-4-2 for industrial devices and components
- ISO/SAE 21434 for automotive devices and components
- IoT Security Rating (ETSI 303 645 compatible) for connected home devices and components
The Maturity Path assessment can either be:
Connected device stakeholders who have a good understanding of the Maturity Path criteria along with the appropriate cybersecurity resources can perform the self-assessment.
Upon completion of the complimentary self-assessment, stakeholders can pay the self-assessment validation fee where UL Solutions verifies that the scope in the self-assessment report is consistent with the scope defined at the Registration and Scoping stage.
Leading to a verified report
UL Solutions can also help connected device stakeholders define their current security maturity state and define a road map for improvement with a target security maturity score based on their business and security goals. Stakeholders with a good understanding of the product development maturity criteria but without the resources to perform the assessment may choose to have a verification assessment. A senior UL Solutions evaluator will interview the vendor through the platform and perform the assessment with their input.
The maturity assessment will be valid for one year, after which reverification will be required.
Industry-specific standards supported
|IoT||IoT Security Rating (ETSI 303 645 compatible)||Standards for connected home devices and components|
|Industrial||UL 2900 Series||Standards for industrial devices and components|
|Healthcare||ISO/SAE 21434||Standards for healthcare devices and components|
|Automotive||ISO/SAE 21434||Standard for automotive devices and components|