Overview

At LenelS2, system and operational security is integral to who we are. To ensure the security of our products, our world-class secure architecture domain experts design for security and continuously analyze, identify, and improve our offerings. LenelS2’s processes and standards ensure the appropriate methods and controls are proactively applied through all phases of the development and product support life cycle. Rigorous testing and analysis capabilities are continuously implemented to ensure our products meet and exceed international standards of cybersecurity assurance, and LenelS2’s own demanding requirement for customer mission success. The Carrier Way also ensures that customers and end users are responsibly supported for cybersecurity assurance throughout the life of our offerings.

Security Team

Our team is composed of highly experienced and credentialed veterans; diverse and dynamic cybersecurity domain experts who have maintained prominent roles and responsibilities in designing, building, and operating highly secure complex systems at companies ranging from startups to large public companies.

Integrated Cybersecurity

Our Security Engineering Architects work every day with our developers to ensure the Elements system is built according to Carrier's Secure Development Lifecycle and complies with IEC/ANSI/ISA 62443 4-1 standards. They ensure we are using the best available security at every level. This includes encryption, static security scanning, dynamic security scanning, and internal penetration tests. All changes are traceable and audited with reviews of every piece of code to ensure it complies with our high expectations for security. We regularly engage a third party to execute a penetration test to validate that we have been building a secure product. This test examines every service and appliance including our firmware images, looking to bypass our security and document vulnerabilities. They test for a range of issues from denial-of-service attacks to user-permission escalations, and then provide us a letter of attestation indicating the extent of testing and the security risk level identified. A copy of this letter is available to VARs upon request with a valid NDA. Elements is NIS2 and SOC 2 compliant, has earned CSA Star Level 1 certification, and has undergone a 3rd party audit of NIST 800-53 and has been found compliant.

Technical Security Standards

SSO

The Elements solution offers SSO through OpenID Connect (OIDC) to enable any compliant authentication provider to control access to the system. By integrating an OIDC provider with the Elements solution, you can ensure access to your security system stays in sync with your centrally managed identity services.

The Elements system uses the OAuth 2.0 protocol to exchange identity information with Azure's Active Directory B2C. A Roles Based Access Control (RBAC) system is implemented to ensure each user is restricted to the minimum viable access in each of the accounts they work in. A user's identity access is all encoded into a signed token that is validated at every stage of our Elements zero-trust services. Every action taken by a user within the Elements system is recorded in our audit-log and available for auditor users or administrators to review within the customer-specific data retention period.

Encryption

All Data-in-flight is secured using TLS1.2 or higher, while connections from security controllers to edge readers can be secured with OSDP Secure Channel. All data-at-rest is encrypted using AES-256. All LenelS2 certificates and keys are rotated on a schedule to minimize the opportunities for data breach.

Hardening

Elements on-premises components – the gateway, access control hardware, and Elements OnGuard® Connector – do not require any incoming connections from the internet. You don't have to open any incoming ports on your firewall. The gateway comes pre-hardened and tested, and each connection made to the Elements system is validated as authentic.

For more information about the technical specification and security requirements of the Elements Solution, please contact your LenelS2 representative.

Updated by Carrier, February 2024.

© Carrier. All Rights Reserved.