ANSI/CAN/UL 2900-1:2023

Scope 1.1 This standard applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware. 1.2 This standard describes: a) Requirements regarding the software developer (vendor or other supply chain member) risk management process for their product. b) Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses and malware. c) Requirements regarding the presence of security risk controls in the architecture and design of a product. 1.3 This standard does not contain requirements regarding functional testing of a product. This means this standard contains no requirements to verify that the product functions as designed. 1.4 This standard does not contain requirements regarding the hardware contained in a product.