
UL2900-1 – Software Cybersecurity for Network Connectable Products Part 1: General Requirements
Status:
PUBLISHED
As of:
Region(s):
USA/CAN
Body:
ANSI
Applicable to:
The UL 2900-1 standard says it “applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware” and that it describes these requirements and methods:
1. Requirements regarding the software developer (vendor or other supply chain member) risk management process for their product.
2. Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses, and malware.
3. Requirements regarding the presence of security risk controls in the architecture and design of a product.
Summary:
UL 2900-1, the UL Standard for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements, was published and adopted as an ANSI (American National Standards Institute) standard in July 2017. The UL 2900-1 standard says it “applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware” and that it describes these requirements and methods:
1. Requirements regarding the software developer (vendor or other supply chain member) risk management process for their product.
2. Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses, and malware.
3. Requirements regarding the presence of security risk controls in the architecture and design of a product.