Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements
1.1 This standard applies to network-connectable products that shall be evaluated and tested for
vulnerabilities, software weaknesses and malware.
1.2 This standard describes:
a) Requirements regarding the software developer (vendor or other supply chain member) risk
management process for their product.
b) Methods by which a product shall be evaluated and tested for the presence of vulnerabilities,
software weaknesses and malware.
c) Requirements regarding the presence of security risk controls in the architecture and design
of a product.
1.3 This standard does not contain requirements regarding functional testing of a product. This means
this standard contains no requirements to verify that the product functions as designed.
1.4 This standard does not contain requirements regarding the hardware contained in a product.