Secure - Johnson Controls - LIT-12012497 - Software Application - OpenBlue Enterprise Manager - 4.1

OpenBlue Enterprise Manager Product Bulletin

Brand: Johnson Controls
Product name: OpenBlue Enterprise Manager
Document type: Product Bulletin
Document number: LIT-12012497
Version: 4.1
Revision date: 2022-05-23
Language: English

EM uses industry-standard system security and encoding protocols to protect against unauthorized access to data and control systems, including the following security features:

  • All EM components (UI, API) use HTTPS, HTTP Strict Transport Security, and SSL.
  • Certificates are used to prevent unauthorized access to secure, encrypted communication.
  • Supported services such as EM Gateway (Data Collector) use self-signed certificates that are installed on supported products with the option of configuring trusted certificates.
  • EM enables different users to hold various roles with particular configurable rights, and data is available based on these specific roles.
  • EM’s Enterprise Identity Management System (EIMS). The EIMS login workflow secures the authentication process by issuing temporary authorization codes in exchange for a secret access code. Because the access token is never visible to the user, this is the most secure way to pass the token back to the application, reducing both the risk of the token leaking and the risk of an attacker intercepting the authorization code.
  • EM also offers additional password security features which ensure unauthorized users cannot access the application:
    • Multifactor authentication: If a user forgets a password, the user has to validate a one-time password sent through email to enable password recovery.
    • Password expiry policy: Requires the user to change their password every 60 days.
    • Password history checking: Users cannot reuse any of their past 10 passwords when they reset their password.
    • Password lockout: The EM application locks out a password after multiple retries.
    • Credentials on two screens: The user ID and password are typed on two different screens.