For general recommendations based on the Best Practices for Enterprise Security document on Microsoft TechNet, follow this link:
For the most up-to-date security recommendations, we recommend discussing your site security with your local Johnson Controls field support team. High-level security recommendations include:
- Do not allow cross-frame scripting by setting X-Frame values to Deny or SAMEORIGIN.
- Ensure the appropriate cipher keys exist and are enabled.
- Ensure client and server protocols keys exist are either disabled or enabled depending on guidance from the field support team.
We recommend contacting your local field support to implement these security recommendations.