Strengthening consistent security throughout your connected product lines
Beyond tactical security and compliance considerations, a holistic analysis of governance and processes used in developing and rolling out connected products is required for a sustainable, lasting security and compliance posture.
Challenges for connected device stakeholders
Connected device stakeholders face increasingly sophisticated cybersecurity challenges in today’s highly connected world. Some of their key issues include:
- Clarity on the company’s standing in terms of product security practices.
- Knowing whether product development processes are in line with industry-specific standards.
- Identifying actions to take in terms of process improvements, security techniques and mechanisms.
- Understanding whether the connected device infrastructure is developed, deployed and operated securely.
- Knowing what they should focus on to get to the proper security maturity.
Assess the maturity of your product security program and set the right direction with Maturity Path
What is UL’s Maturity Path solution?
Maturity Path provides a security development lifecycle maturity assessment for connected devices to help companies ensure consistent security across governance and processes throughout product lines. With this holistic overview and analysis, companies can better manage risks and minimize vulnerabilities.
Maturity Path is for product security and development teams at device manufacturers, suppliers or system integrators that develop connected products and want to assess their secure development lifecycle governance and processes against a robust framework, considering industry-specific standards.
How Maturity Path works
Through a secure web interface and the use of UL’s product development maturity assessment framework based on the Open Web Application Security Project (OWASP) Software Assurance Maturity Model, device manufacturers, suppliers and system integrators can have their teams answer questions with corresponding documentation to define current security maturity scores for their product lines. Assessed product lines can also receive a certification readiness score on industry-specific standards and guidelines, including:
- UL 2900, the Series of Standards for industrial and healthcare devices and components
- IEC 62443-4-1 and IEC 62443-4-2 for industrial devices and components
- ISO 21434 for automotive devices and components
- IoT Security Rating (ETSI 303 645 compatible) for connected home devices and components
The Maturity Path assessment can either be:
Connected device stakeholders who have a good understanding of the Maturity Path criteria along with the appropriate cybersecurity resources can perform the self-assessment.
Upon completion of the complimentary self-assessment, stakeholders can pay the self-assessment verification fee to have UL verify that the scope in the self-assessment report is consistent with the scope defined at the Registration & Scoping stage.
UL can also help connected device stakeholders define their current security maturity state and define a road map for improvement with a target security maturity score based on their business and security goals. Stakeholders with a good understanding of the product development maturity criteria but without the resources to perform the assessment may choose to have a certified assessment. A senior UL evaluator will interview the vendor through the platform and perform the assessment with their input.
The maturity assessment will be valid for one year, after which recertification will be required.
Industry-specific Standards supported
|Automotive||ISO 21434||Standard for automotive devices and components|
|Healthcare||UL 2900 Series||Standards for healthcare devices and components|
|Industrial||UL 2900 Series||Standards for industrial devices and components|
|IoT||IoT Security Rating (ETSI 303 645 compatible)||Standards for connected home devices and components|