Tracie Berardi, Program Manager, CISQ
Dr. Bill Curtis, Founding Executive Director of the Consortium for IT Software Quality (CISQ), has joined the Standards Technical Panels (STPs) for the UL 2900 series of standards. UL 2900 is a set of software cybersecurity standards for network-connectable products. Dr. Curtis and members of CISQ have expertise in measuring the quality, security and safety of software-intensive systems, having spent the last year updating the CISQ Automated Source Code Quality Measure standards for the purpose of securing embedded software and real-time systems.
Dr. Curtis joins UL as a stakeholder on the STPs for 2900-1, 2900-2-1, and 2900-2-2, and as a member of 2900-2-3, which is launching a team to determine requirements for security and life safety signaling systems.
The table below shows the standards covered by these STPs:
STP Number | STP Name | Standard Number | Standard Title |
2900-1 | Software Cybersecurity for Network-Connectable Products: General Requirements | 2900-1 | Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements |
2900-2-1 | Software Cybersecurity for Components of Healthcare Systems | 2900-2-1 | Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems |
2900-2-2 | Software Cybersecurity for Industrial Control Systems | 2900-2-2 | Software Cybersecurity for Network-Connectable Products, Part 2-2: Particular Requirements for Industrial Control Systems |
2900-2-3 | Software Cybersecurity for Security and Life Safety Signaling Systems | 2900-2-3 | Outline for Software Cybersecurity for Network- Connectable Products, Part 2-3: Particular Requirements for Security and Life Safety Signaling Systems |
UL maintains a Standards Dashboard to track the status of the 2900 cybersecurity standards. Each standard is then made available for purchase and download here.