Verifying and validating that secure product development and maintenance processes have been implemented.
UL Cybersecurity Assurance Program (CAP) also verifies that the vendor of a certified product has a viable road map to maintain the security of a product through an assessment of organizational processes.
The UL 2900-3 Standard contains general requirements for product development and maintenance security processes that are verified during an organizational assessment.
UL performs an organizational assessment with focus on the following domains:
- Patch management
- Security Development Life cycle
- Verification of industry-specific organizational processes, such as for the medical industry
Customers who choose CAP-certified products can expect that future patches, updates or new versions of the software used in a CAP-certified product will provide the same level of protection when compared with the product at the time of evaluation.