Table of Contents
Advertisement
Network recommendations
Meter firmware upgrades
Server upgrade:
Safe disposal of consumption data
Software licenses
Report security vulnerability
The Head End software must be securely managed this includes the meter keys
and database with limited access. Use firewalls wherever necessary to secure the
network and Head End System software.
Perform Key Management according to "Recommendation for Key Management,
Special Publication 800-57 Part 1 Rev. 5, NIST, 05/2020."
The meter firmware must be upgraded to the latest version as soon as a new
version is available, to maintain performance. Honeywell will provide notification
of important firmware upgrades when available.
The server software must also be upgraded when the latest version or patches are
available. The server must use the following minimum key sizes for secure
management of the database, software, and key storage.
Minimum RSA Length: 3072 Bit
1.
Minimum ECC Key-Size: 256 Bit
2.
Minimum AES Key-Size: 128 Bit
3.
Minimum Hash Algorithm: SHA-256
4.
All the PCBs, which may contain sensitive software and/or personal data, must be
disposed of using a method which make sures that the data cannot be restored
(e.g., shredding by a certified waste disposal contractor).
This device uses open-source software. For further details, see
www.docuthek.com.
A security vulnerability is defined as a software defect or weakness that can be
exploited to reduce the operational or security capabilities of the software.
Honeywell investigates all reports of security vulnerabilities affecting Honeywell
products and services. For details on Honeywell security policy, visit
https://www.honeywell.com/en-us/product-security.
46
Advertisement
Table of Contents
