UL 2900 is a series of standards published by UL (formerly Underwriters Laboratories), a global safety consulting and certification company. The standards present general software cyber security requirements for network-connectable products (UL 2900-1), as well as requirements specifically for medical and healthcare systems (UL 2900-2-1), industrial control systems (UL 2900-2-2), and security and life safety signaling systems (UL 2900-2-3).
UL 2900-2-3, the UL Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 2-3: Particular Requirements for Security and Life Safety Signaling Systems, was published in August 2017. It has not been developed into a standard and published.
The outline for the future UL 2900-2-3 standard says it “applies to the evaluation of security and life safety signaling system components,” including these:
The UL Cybersecurity Assurance Program (UL CAP) is a certification program for evaluating the IoT security of network-connectable products and systems. UL CAP uses the UL 2900 series of standards. The program, according to UL, “aims to minimize [IoT] risks by creating standardized, testable criteria for assessing software vulnerabilities and weaknesses.” Furthermore, “UL CAP relies upon the UL 2900 set of standards, developed with input from major stakeholders representing government, academia and industry.”