UL 5500:2018-09 Remote Software Updates.

UL 5500 covers REMOTE software updates taking into account the manufacturer’s recommended process. It is limited to software elements having an influence on safety and on compliance with the particular end product safety standard. This standard additionally covers hardware compatibility necessary for safety of the REMOTE software update.

NOTE 1 This standard does not cover:
— Functional SECURITY such as premises, physical, and other similar SECURITY purposes;
— Safety related availability or connectivity of REMOTE communications;
— Field updates done with physical access by qualified personnel;
— Software development lifecycle and maturity;
— Cryptographic techniques for the purposes of user data confidentiality and consumer privacy;
— Insider threat (corporate espionage); and
— REMOTE control operation of the product.

NOTE 2 This standard is intended to be used in conjunction with the appropriate end product safety standard.

2 Normative references

For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies:

FIPS 140-2, (Annexes A, B and C) Security Requirements for Cryptographic Modules
IEEE 802.3, Standard for Ethernet
IEEE 802.11, Information Technology — Telecommunications and Information Exchange Between Systems — Local and Metropolitan Area Networks — Specific Requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications
IEEE 802.15.4, Standard for Low-Rate Wireless Networks
ISO/IEC 9796, Information Technology — Security Technologies — Digital Signature Scheme Giving Message Recovery
ISO/IEC 9797-1, Information Technology — Security Technologies — Message Authentication Codes (MACs)
ISO/IEC 9798 (all parts), Information Technology — Security Technologies — Entity Authentication
ISO/IEC 10118-1, Information Technology — Security Technologies — Hash-Functions — Part 1: General

3 Terms and definitions

For the purposes of this standard, the following definitions apply.

3.1 AUTHENTICATION
the process of verifying the identity of an ENTITY.

3.2 AUTHORIZATION
the process of permitting an authenticated ENTITY to access or manipulate the product or the product property to the extent the ENTITY has such permission.
Note to entry: In this context, manipulation means the downloading, installation and verification of software.

3.3 ENTITY
a person, device, product or service which interacts with another via a network.

3.4 INCIDENT
an occurrence that actually or potentially results in adverse safety consequences in the end device application.
Note to entry: INCIDENT is modified from: https://niccs.us-cert.gov/glossary#l

3.5 REMOTE
a term defined by the end product standard.
Note to entry: In the end...