UL Launches Cybersecurity Assurance Program

April 8, 2016

UL (Underwriters Laboratories) announced its new Cybersecurity Assurance Program.

UL CAP uses the new UL 2900 series of standards to offer testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. UL CAP is for vendors looking for trusted support in assessing security risks while they continue to focus on product innovation to help build safer more secure products, as well as for purchasers of products who want to mitigate risks by sourcing products validated by a trusted third party.

The new UL CAP was developed with input from major stakeholders representing the U.S. Federal government, academia and industry to elevate the security measures deployed in the critical infrastructure supply chain. The White House recently released the Cybersecurity National Action Plan (CNAP), designed to enhance cybersecurity capabilities within the US government and across the country. UL's CAP services and software security efforts were recognized within the CNAP as a way to test and certify network-connectable devices within the Internet of Things supply chain and ecosystems especially relevant in critical infrastructures, such as energy, utilities and healthcare.

Asset owners from critical infrastructure can see the benefits of UL CAP as a means for evaluating the security posture of their supply chain. "The availability and integrity of critical infrastructure is crucial to the safety and well-being of society. A comprehensive program that measures critical systems against a common set of reliable security criteria is helpful," said Terrell Garren, CSO, Duke Energy. UL CAP offers trusted third party support with the ability to evaluate both the security of network-connectable products and systems and the vendor processes for developing and maintaining products and systems with a security focus.

UL's evaluation of security products and systems uses the UL 2900 series of standards which outline technical criteria for testing and evaluating the security of products and systems that are network-connectable. These standards form a baseline set of technical requirements to measure, and then elevate, the security posture of products and systems. UL 2900 is designed to evolve and incorporate additional technical criteria as the security needs in the marketplace mature.

I want to hear from you. Tell me how we can improve.

BNP Media Owner & Co-CEO, Tagg Henderson

You must login or register in order to post a comment.

Risk impacts every organization, and critical events and can cripple your operations if they’re not properly managed. For organizations focused on risk resiliency, the command center is quickly becoming the operational hub of risk management within an organization: the nerve center for risk.

At the center of an organization's security operation stands its nucleus, one of the most important pieces for overall functionality: the global security operations center (GSOC). But that can look different based on goals, budget and overall vision. However, one commonality remains: the GSOC is where a variety of systems and solutions come together to provide a singular operational picture, mitigate threats and promote enhanced communication during an incident.

Security Magazine

2020 April

This month in Security magazine: meet the global security team at Boston Scientific - five female professionals with diverse background and skills who are creating a best-in-class enterprise security team while ensuring the safety and security of employees, customers and patients. Also this month, we highlight Kristin Lenardson and her successful career in protective services. Security experts discuss whistleblowing, the CCPA and more.

View More Create Account

UL Launches Cybersecurity Assurance Program

Related Articles

Related Products

Report Abusive Comment