Secure - Metasys - LIT-1201526 - General System Information - Metasys System - 13.0.50

Metasys System Product Bulletin

Product name
Metasys System
Document type
Product Bulletin
Document number
Revision date
Product status

The Metasys system uses industry-standard system security and encoding protocols to help protect against unauthorized access to data and control systems.

The Metasys system includes the following security features:
  • Support for local, Active Directory LDAP, Active Directory Federated System, and Microsoft® Office 365 authentication.
  • Obscures user names and passwords.
  • Enforces strong passwords and password phrases.
  • Provides an optional capability of sending its configured audit log entries and alarm (event) notifications to an external, industry-standard Syslog server, conforming to Internet published RFC 3164.
  • Provides dormant account settings for users and reports. Dormant user account reports are available in the SMP. These reports can be scheduled on a daily basis. Dormant user account events are also included in the Audit Viewer and the Event Viewer.
  • HTTPS with TLS 1.3 between Metasys components, including the Metasys Server, Metasys UI, System Configuration Tool (SCT), and network engines. This enhancement ensures the highest level of security to protect your building automation system from unauthorized users and computer hackers.
  • Self-signed certificates are installed on supported products, with the option of configuring trusted certificates.
  • Elliptic Curve Cryptography (ECC) certificates for BACnet/SC devices based on the BACnet Standard SSPC 135.
  • One of three security shield icons are displayed in the SMP and SCT UIs to indicate the current level of a connection: trusted, self-signed, or untrusted.
  • SCT 13.0 and later releases offer improved security by forcing users to change default passwords as part of the workflow when interacting with supervisory devices.
  • Updated software licensing technology ensures only licensed, authorized, and released software is running on customer's networks.
  • Users have to log on to SCT with a Metasys local or Active Directory user account.