California’s Civil Code Title 1.81.26, Security of Connected Devices, approved under Senate Bill No. 327 (2018) is effective on January 1, 2020. This law is the first of its kind and is designed to provide discipline and minimum-security requirements to protect all connected devices and data from unauthorized access and other malicious actions.
Acuity Brands is taking this new law very seriously and has engaged in a year-long review of all its connected devices, including nLight®, Atrius®, Fresco™, ROAM@®, and Pathway Connectivity Solutions® products. This review consisted of validating existing security measures and implementing additional security features so that all Acuity Brands products/solutions offered for sale in California after January 1, 2020, at a minimum, will comply with Title 1.81.26.
- Wired and Wireless System shall be compliant with California Civil Code Title 1.81.26,Security of Connected Devices, approved under Senate Bill No. 327 (2018).
- Vendor must provide a clear and documented method to contact them regarding a vulnerability and should have a dedicated Product Security Incident Response function.
- Company shal! build its security risk, governance and compliance infrastructure leveraging
standards-derived policies, industry best practices and guidelines.
- Lighting contro! system shall disallow the use of default passwords and require passwords
to be updated prior to use.
- System controller or gateway shall support user role-based access, such as administrator,
user, and viewer.
- System controller or gateway shall use signed firmware to ensure that unmodified, authentic software is always installed.
- System controller or gateways communicating across an IP network shall protect in-transit
data using strong encryption algorithms such as AES or TLS1.2+.
- All cloud-based communications shall use Transport Layer Security version 1.2 or later
- Wireless devices shall use AES encryption to secure communication, with unique
encryption keys for each job site.
- Wireless devices shall use signed firmware to ensure that unmodified, authentic software
is always installed.