Skip to main content
Welcome to the cutting edge of safety science—Learn more about our rebrand.

Maturity Path™

Secure development life cycle maturity assessment

Schedule a demo Sign up

Strengthening consistent security throughout your connected product lines

Beyond tactical security and compliance considerations, a holistic analysis of governance and processes used in developing and rolling out connected products is required for a sustainable, lasting security and compliance posture.

 

Benefits for connected device stakeholders

Connected device stakeholders face increasingly sophisticated cybersecurity challenges in today’s highly connected world. Some of their key issues include:

Security communication icon

Clarity on the company’s standing in terms of product security practices.

 

Certificate icon

Knowing whether product development processes are in line with industry-specific standards.

 

Security technique action icon

Identifying actions to take in terms of process improvements, security techniques and mechanisms.

 

Secure operations icon

Understanding whether the connected device infrastructure is developed, deployed and operated securely.

 

 

Assess the maturity of your product security program and set the right direction with Maturity Path

What is UL Solutions’ Maturity Path solution?

Maturity Path provides a security development life cycle maturity assessment for connected devices to help companies ensure consistent security across governance and processes throughout product lines. With this holistic overview and analysis, companies can better manage risks and minimize vulnerabilities.

Maturity Path is for product security and development teams at device manufacturers, suppliers or system integrators developing connected products and looking to assess their secure development life cycle governance and processes against a robust framework, considering industry-specific standards.

How Maturity Path works

Through a secure web interface and the use of UL Solutions’ product development maturity assessment framework based on the Open Web Application Security Project (OWASP) Software Assurance Maturity Model, device manufacturers, suppliers and system integrators can have their teams answer questions with corresponding documentation to define current security maturity scores for their product lines. Assessed product lines can also receive a certification readiness score and report on industry-specific standards and guidelines, including:

  • UL 2900, the Series of Standards for industrial and healthcare devices and components
  • IEC 62443-4-1 and IEC 62443-4-2 for industrial devices and components
  • ISO/SAE 21434 for automotive devices and components
  • IoT Security Rating (ETSI 303 645 compatible) for connected home devices and components

 

 

The Maturity Path assessment can either be:

Self assessment icon

Self-assessment

Complimentary


Connected device stakeholders who have a good understanding of the Maturity Path criteria along with the appropriate cybersecurity resources can perform the self-assessment.

Upon completion of the complimentary self-assessment, stakeholders can pay the self-assessment validation fee where UL Solutions verifies that the scope in the self-assessment report is consistent with the scope defined at the Registration and Scoping stage.

 

Evaluator-led icon

Evaluator-led assessment

Leading to a verified report


UL Solutions can also help connected device stakeholders define their current security maturity state and define a road map for improvement with a target security maturity score based on their business and security goals. Stakeholders with a good understanding of the product development maturity criteria but without the resources to perform the assessment may choose to have a verification assessment. A senior UL Solutions evaluator will interview the vendor through the platform and perform the assessment with their input.

The maturity assessment will be valid for one year, after which reverification will be required.

 

Industry-specific standards supported

 

Industry Standard Description
IoT IoT Security Rating (ETSI 303 645 compatible) Standards for connected home devices and components
Industrial UL 2900 Series
IEC 62443-4-1
IEC62443-4-2
Standards for industrial devices and components
Healthcare ISO/SAE 21434 Standards for healthcare devices and components
Automotive ISO/SAE 21434 Standard for automotive devices and components

 

Download a Maturity Path fact sheet

Maturity Path is for product security and development teams at device manufacturers, suppliers or system integrators developing connected products to assess their secure development life cycle governance and processes against a robust framework, considering industry-specific standards.

Download fact sheet

Start assessing the maturity of your product security program today with Maturity Path

Schedule a demo

Have more questions about Maturity Path? Explore our Technical Guide and FAQs.

 

Explore SafeCyber solutions

SafeCyber™

UL Solutions' new security and compliance life cycle management platform for connected devices

Binary Check™

Binary code analysis and vulnerability management

Get in touch

Have questions, need specifics? Let's get this conversation started.

Help and support

How can we help?