Axis Communications, a global industry leader in video surveillance, has signed the U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Secure by Design pledge to transparently communicate about the cyber security posture of Axis products.
The voluntary Secure by Design pledge of the U.S. government agency, CISA, calls on manufacturers to make the security of customers a core business requirement by addressing seven key aspects of security:
● Use of multi-factor authentication
● Reduce default passwords
● Reduce classes of vulnerabilities
● Enable customers to easily install security patches
● Publish a vulnerability disclosure policy
● Demonstrate transparency in vulnerability reporting
● Demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products
“CISA’s Secure by Design pledge aligns well with our goal of making cyber security a core part of what we offer,” says Johan Paulsson, Chief Technology Officer, Axis. “By making this pledge, we affirm our continuous commitment to helping customers follow cyber security best practices and drive greater accountability in the physical security industry.”
Reducing the risk of software vulnerabilities is an integral part of Axis software development. Axis developers follow the Axis Security Development Model (ASDM) in order to mitigate security risks throughout the product lifecycle. The security framework, involving processes and tools, also includes strengthening product security through external resources, namely through Axis’ bug bounty programmes and enabling people to easily report bugs or vulnerabilities to the Axis Product Security Team.
Axis patches and discloses vulnerabilities as a CVE Numbering Authority (CNA), and the company’s published vulnerability management policy outlines what, when and how it works with vulnerability disclosures. The Axis Trust Center serves to provide cyber security and compliance information for Axis as a company and for AXIS OS-based network products, and will eventually cover other Axis products and services as well.
As part of the CISA pledge, Axis is committed to regularly sharing insights and progress into the cyber security posture of its products. It enables customers to verify and hold the company accountable, and helps strengthen the trust that customers should have when using Axis products.
