UL 2900-1
Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements

DETAILS
Edition Number: 2
SCC Approved: --
Edition Date: 2016-09-26
DOD Approved: --
Price Code: A
ANSI Approved: --
Type: outline

  • SCOPE

    1 Scope

    1.1 This outline applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware.

    1.2 This outline describes:

    a)    Requirements regarding the vendor’s risk management process for their product.

    b)    Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses and malware.

    c)    Requirements regarding the presence of security risk controls in the architecture and design of a product.

    1.3 This outline does not contain requirements regarding functional testing of a product. This means this outline contains no requirements to verify that the product functions as designed.

    1.4 This outline does not contain requirements regarding the hardware contained in a product.

  • TABLE OF CONTENTS

    • Outline Title Page
    • Table of Contents
      • Body
        • INTRODUCTION
          • 1 Scope
          • 2 Normative References
          • 3 Glossary
        • DOCUMENTATION OF PRODUCT, PRODUCT DESIGN AND PRODUCT USE
          • 4 Product Documentation
          • 5 Product Design Documentation
          • 6 Documentation for Product Use
        • RISK CONTROLS
          • 7 General
          • 8 Access Control, User Authentication and User Authorization
          • 9 Remote Communication
          • 10 Cryptography
          • 11 Product Management
        • RISK MANAGEMENT
          • 12 Vendor Product Risk Management Process
        • VULNERABILITIES AND EXPLOITS
          • 13 Known Vulnerability Testing
          • 14 Malware Testing
          • 15 Malformed Input Testing
          • 16 Structured Penetration Testing
        • SOFTWARE WEAKNESSES
          • 17 Software Weakness Analysis
          • 18 Static Source Code Analysis
          • 19 Static Binary and Bytecode Analysis
    • APPENDIX A
    • APPENDIX B
    • APPENDIX C