The Internet of Things (IoT), is enabling more sophisticated capabilities through network-connected products and systems.  As a result, residential and commercial products are becoming more interconnected and networkable.  According to many recent industry reports and the U.S. government, there have been significant increases in attacks that penetrate connected networks.  This activity has highlighted that cybersecurity of software is becoming critically important for the safety, privacy and performance of these networked systems.  Verifying against known vulnerabilities and exploitable weaknesses in software can help prevent systems from becoming susceptible to cyber attacks.

With our extensive expertise in software, hardware and interoperability, UL can help mitigate these concerns for manufacturers, vendors and their customers through our UL Cybersecurity Assurance Program (UL CAP) that utilizes the new UL 2900-1 standard for AHL products and systems.

UL CAP offers trusted third party support with the ability to evaluate both the security of network-connectable products and systems as well as the vendor processes for developing and maintaining products and systems with a security focus.  The program allows vendors to concentrate on product innovation with emerging technologies and capabilities to meet the ongoing needs of the marketplace.

For increased flexibility, vendors can select the UL CAP services for AHL products and systems best suited for their current needs:

  • Testing security criteria based on UL 2900-1 cybersecurity standard or specified requirements
  • Testing leading to certification based on UL 2900-1 cybersecurity standard
  • Evaluation and risk assessment of vendor processes for developing and maintaining AHL products and systems
  • Advisory/ Training in security readiness for product design and sourcing third party components

Why Choose UL CAP for Appliances, HVAC & Lighting

Everything UL does focuses on reducing the risks of product developers and manufacturers.  UL does this by establishing industry standards and providing independent testing, support and certification.  The UL CAP was developed with input from major stakeholders representing the U.S. Federal government, academia and industry to elevate the security measures deployed in the critical infrastructure supply chain. In fact, the UL CAP services and software security efforts are recognized within the U.S. White House Cybersecurity National Action Plan (CNAP) as a way to test and certify network-connectable devices within the IoT supply chain.  

Early adoption of the UL CAP provides a competitive advantage by differentiation in the marketplace and can help mitigate risk due to potential consequences of a cyberattack including:

  • Unplanned downtime and loss of production
  • Costly harm to assets
  • Reputational damage

As a third-party provider we reinforce a customer’s objective commitment to safety excellence, helping build buyer confidence through UL certification on products and systems.

Why UL?

The facts
  • Science and knowledge-based company
  • Offering transparency through measurements and standards
  • Independent and trusted entity
  • Inside-out and outside-in approach from security development to testing
  • Experience in embedded SW security
  • Providing a complete offering, focusing on both product security as well as secure software development processes
The benefits
  • Protecting you business based on science, technology and SW/application security expertise. Basis of measurement founded on facts/science
  • Offering confidence regarding your efforts to manage cybersecurity risks, giving you a competitive advantage
  • Complete risk management offering find, fix, and prevent services
  • Saving time and money by focusing on protecting the most critical parts of the business first

Appliances, HVAC & Lighting Product Evaluation Deliverables

Service Deliverable
Certification Certificate of compliance to UL 2900-1 indicating UL 2900 compliant
Testing Test report based on some or all of UL 2900-1 requirements or customer specified requirements
Training
  • Understand UL 2900 standard as it relates to Appliances, HVAC & Lighting equipment
  • Best practices for identifying and mitigating risk associated with software vulnerabilities

For questions please contact ULCyber@ul.com