Johnson Controls products are developed using a secure-by-design approach. Security features for each solution are selected based on the application and environment they are targeted for.
Here are just a few examples of the advanced safeguards and assurances you can find within our solutions:
With zero-trust architecture, granular access controls and micro-segmentation is managed to reduce the attack surface and provides protection against unauthorized access, lateral movement and malware propagation.
Remote Access/Software Defined Perimeter (SDP)
Secure Boot
Protecting a device starts at boot time with protection spanning the hardware and software stack. Secure boot ensures that a device starts using only unaltered software that is trusted by the Original Equipment Manufacturer (OEM).
Examples: Metasys, Illustra, iSTAR Door Controller
Helps administrators understand and address potential concerns. Identify issues such as:
Examples - Metasys, Metasys Cyber Health Video and Demo, VideoEdge
ISASecure Component Security Assurance (CSA) Certification
Conformance with IEC/ISA 62443-4-2 ensures that product and solutions have sufficient safeguards within the software applications and embedded devices have sufficient safeguards according to appropriate security levels.
Examples: York Chillers
Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing for increasing, qualitative levels intended to cover a wide range of potential applications and environments.
Johnson Controls creates solutions which respect global fair information practices and Privacy by Design.
OpenBlue is a complete suite of connected smart building solutions, from edge to cloud. OpenBlue and other cloud-based solutions from Johnson Controls hosted in Microsoft Azure, Google Cloud or Amazon Web Services are protected environments that conform to industry recognized standards, such as:
Additional security compliance information for these environments is available at:
For everything from asking a question to raising an alarm, please use this form for a quick response from our Johnson Controls cybersecurity organization.
If you are aware of a potential security vulnerability in a Johnson Controls product, service or solution, or have a product security question, please contact us at productsecurity@jci.com.
Please use a downloadable PGP key to secure communications.
When submitting a concern, please include the following information:
Thanks to all who partner with us to create a smarter, safer, more sustainable world.
Johnson Controls tracks, identifies and proactively addresses ever-evolving cybersecurity threats every day – it’s a top priority. This commitment is reflected in our technology innovations and continual product development to keep building management systems, IT infrastructures, and connected equipment secure.
Our dedicated cybersecurity team works with local professionals to address your concerns and immediate threats to system security. We encourage a partnership that follows best practices for IT security.