Executive *******
***** ** ************* *** guarantee * ******* ** 'invulnerable' *** '******** ****', the **** **** **** UL ************* ******** *********** source **** ******* ******** a ************* ****** ********** level **** ******* ************* certifications.
*******, ** ** ****** expensive *** ****-********* ** many ************* *** *** find ** ***** *****.
** ****, **** * video ************ ************* **** done ** (******* *** Tyco *** *********) ***** are **** *** *********. We ** *** **** how **** **** ***** work ** *** *** camera ************* **** ******** models.
UL ********
***** **** ****** *** 124 ******** ** ****** ****** as * ****** ** developing ********* *** ******* products ** **** **** they ******* ****** *** as ********. *******, ************ those ********* **** **** around ********** *** ********** elements, *** *************.
**’* ************* ********* ******* (UL ***),******** ** ****, ***** **-******* ******** against ******** **** ***** **** ****** ** cybersecurity *********. *** **** ****** ****** cybersecurity ** ********* ****** and *** ********* ********* including ***** ************ (****-*), healthcare ******* (****-*-*), *** industrial ******* ******* (****-*-*). UL ****-*-* ** **'* attempt ** "******* *****" for *** ********* ** security *********.
Cybersecurity ************* *******
**********, *** ************* ******** of ******* ** *** product's ****** ********* '********** penetration *******', '****** **** analysis', *** '****** *** bytecode ********', ** *** excerpts **** ***** '******* of *************' ***** *****:


Process *** *******
**** ***** **** ******* Lead ******** *********, ******* Chevalier [**** ** ****** available] ***** *** *******, what ** ******** *** what ** ***** *** Genetec's *********.
*******'* ********* **** *** process, ***** **** ****** 8 ******, *** *** easy, comparing ** ** "***** on *****." ** **** the ******* **** *** attention ** *** ****** cybersecurity **** ** *:
** *** * ******* process. *** ** ** trial *** **** ****** evidence *** **** **** that ********** ** **** for *** ***** *** then **** ********* ** in ***** ** *** people **** **. *** findings *** ******** ** that ****. ** *** a *** ** ********* information *** ****** **** everything *** ** ** should **. ** ******* lots ** **** *** my ***** ***** ****—** 5 ******.
***********, ********* **** **** UL ***** ********* ***************, they ********* *** ************ to Genetec for ******** *********** ** repair:
***** *** * ** employee *** *** *** advocate *** *** ******** to *** ****. ** presented **** ** ***** to ** *** ** needed ** ****** *** it ** ******* *** it ** **** ** is.
********* **** **** *** *** up ****** ** ****** some ******, ********* *********** in ******* ********* ******* operational **********:
**** **** ********* *** procedure, ** * *** to ********* ** ******* a ********* **** ** already ***, *** ****'* have ** ******* ****. They ****** *** *************. So: '**** *** **** vulnerabilities, *** *** *** going ** ******** **** and *** ****?'
********* ******* *** ******* helped ******* *******, ****** the *********** ** ********* and *** ********* ** new *****:
** ********** *** ****** exam **** ** **** using ****’* ******** **** problems. ********* ***** *** stronger ** ****** ** different ******. ** *** tried ***** ****—******************—******, *** **** *** improved **.
********* **** ****** *********** testing ****'* ****** *** that *** ** ************* means ******* **** ********** accountable:
**** **** *********** *******, you ***’* **** ** fix ********. **** **, we **** ** *** whatever ******** **** **** or ** ***’* *** the *************.
Cost *** *************
******* **** *** ***** certification ******* **** **** $50,000 ** *****, **** notable ********* ***** ** maintain ********** ** ** guidelines. ********* **** ***** that *** ************* ******* only ******* *** ******* version, ** **** ******* was ***** ** **** on ** ***** **** version—they *** ********* ********* version 6—they **** **** ** redo *** ************* ******* all **** *****.
Highest ** * ******
******* ******** *** ******* of *** * ******, which ******** ********** **** levels * *** * as **** ** ** assessment ** ******** ************ of *** ******* **** knowledge ** ******** ******** controls *** ** ******** practices ** ******* *** lifecycle ** *** *******, as *** ********* ******* from **'* ******* ** Investigation *** *** *************:

Testing *********
******* ******** **** **** documentation ********* ******** *********** analysis ** *** ****, explaining:
**** ********* **** *** software *** *** ** determine ** ******** **** source ********** *** ****. If **** *** **** then ** ***** ** determine *** ******* *** then ***** ** *** if **** ******* *** known ***************.
*****, ** ***** *************** of ***** ******* *** previously *******:
*** ******** ****—***** ****—** *** **** ****** used ** *** ********. Their **** ** *** I **** ***** ***** of *****************. ** ***** ****** that ***** **** ****’* flag. *** ************ ******** of ****** ***** **** false ******** *** * small ****** **** **** positive.
*** ***** ** *** scan ** ********* ** reflected ** *** ******* graphic *****:

**** **'* ***** ********** potential ***************, *** ******* was ******* ** *******'* attention *** **** **** given * ****** ** respond, ** ** **** redacted *******:

Others ************
*** *** ******** ** ******* *** UL ****-*-* ****** **** **** ***** VideoEdge ******** **** ******** Dynamics.
*** **** *** ******* process *** ****-*-* ** was ********:
***** **** ** ******* UL2900-2-3 ***** * ** was * ******** ****** of *******, ******* *** policies. *** ******* **** of *** ******** ** all *** **** ****** to ** ********.
***********, *** **** **** the ************* ******** ** assurance ** ********* **** a ************ ******* *** doing ***** **** ** secure *** **** ********* could ***** **** *** their ********:
**’* ** *********. ** assures **** *** ************ is ***** ***** **** to **** **** ******** are ********* ************ *** mitigates *****. ** *** industry, ** ****** * level ******* ***** *** end ***** *** ******* designers, *** *** *** trust **** * ** CAP ********* ******* ***** the ************ ** ****** cybersecurity *********. ***** ***** cybersecurity ************** *** *********, the ** ****-*-* ********** standard ** ******** ** electronic ******** ******** ********.
*** *** ******* *** currently *** **** ******** companies ** ** ******* 2900-2-3
***** ******** * ***** ****** (outside *** ******** ********) that have **** **** ****** certificated (*** **** ** ** logged **** ** ******* IQ ** *** *** list ** **** ****** certificated *********) ** **** level ***** **** ****-*-*.
Vote / ****

Comments (14)
Dan Gelinas
Please note: This story has been updated to include the followint input from JCI, which was the first manufacturer to achieve the UL2900-2-3 L3 listing.
JCI said the vetting process for 2900-2-3 L3 was thorough:
Furthermore, JCI said that the certification provided an assurance to customers that a certificated company was doing their part be secure and that customers could trust them and their products:
Create New Topic
Undisclosed #1
I think it is a good thing, that at least someone is trying to implement a baseline standardization and processes for certifying a service/hardware from dev to production. However there is no pre coded software that will block an unknown attack, being unknown means it is unique, fresh and definitely not patched. This UL cert is only a launch pad, once you are up there outside of the atmosphere where there is no updates to a static one time certification, good luck. The false sense of security is not driven in layman's terms for the end user/corporation looking to hurry up and buy. This cert is a drop in the bucket however if they start advertising as if their platform is magically immune to the dynamic people that love to watch systems fail, well they have another thing coming. As far as JCI, I just laughed, first of all VE is already Suse, perhaps some perl, mongo, docker and apache. All the nerds already know how to hardened *nix systems, I can see the one standing in the back cubical murmuring hey boss, if we tweak this we can get this certification. Ezpz.
In a nutshell lets pay more ssa, more ipc license, more ul cert costs and definitely inform our customers each year just how secure they are.
Security is a living breathing entity where the white hats are static and the black hats are dynamic. That is what makes it work.
Yours Truly, UD1
Create New Topic
Sean Nelson
12/20/18 02:48am
This is great! If hikvision passed this, would they be as cyber secure as genetec?
Create New Topic
Fabian Muyawa
IPVMU Certified | 12/27/18 01:23pm
Genetec is indeed serious with Cybersecurity as seen in process they have undergone to achieve this level. This is encouraging.
Create New Topic
Undisclosed Integrator #2
Soon all manufctuers and even in integrators with thier internal business process as well as with thier installation in the field are going to be required to meet a level of auditable cyber security standards to do business with certain customers...............nice to see UL bring creditability to the cyber security compliance opportunity
Create New Topic
Undisclosed Manufacturer #3
We have tried to contact UL via their form with no response... any suggestions?
Create New Topic