Software Integrity Blog


VA to adopt UL Cybersecurity Assurance Program

The U.S. Department of Veteran Affairs (VA) and UL (Underwriters Laboratories) have signed Cooperative Research and Development Agreement Program (CRADA) for medical devices cybersecurity standards and certification approaches.

CRADA project will support improvement of Veterans patient safety and security through the use and verification of UL’s Cybersecurity Assurance Program (UL CAP), an independent third-party testing and certification program for network-connectable products and software components, including industrial control systems (ICS), medical devices, in-vehicle software systems and other IoT devices. Software security testing tools from Synopsys are designated for use in the UL CAP.

Using UL’s CAP, the VA said it will refine existing and emerging standards and practices related to network connectable medical devices, medical device data systems and related health information technology. Both parties expect the project to accelerate the sharing of medical device cybersecurity information, standards and lifecycle requirements towards creating a safety certification framework for Veterans.

“Working together with the VA, we will contribute to industry-wide situational awareness of both medical device vulnerabilities and threats,” said Anura Fernando, UL Principal Engineer for Medical Software & Systems Interoperability, said in a UL press release. “We believe that this project will positively impact the direction that manufacturers take in improving the overall security posture of medical cyber assets.”


More by this author