Axis Communications has signed the U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Secure by Design pledge, affirming its commitment to transparently communicate the cybersecurity posture of its products and services.
The pledge reinforces the importance of embedding cybersecurity as a core business requirement and advancing greater accountability in the physical security industry.
What The Secure By Design Pledge Requires
The voluntary Secure by Design pledge from CISA calls on manufacturers to strengthen customer security by addressing seven critical areas:
• Use of multi-factor authentication
• Reduce default passwords
• Reduce classes of vulnerabilities
• Enable customers to easily install security patches
• Publish a vulnerability disclosure policy
• Demonstrate transparency in vulnerability reporting
• Increase customers’ ability to detect cybersecurity intrusions
“CISA’s Secure by Design pledge aligns well with our goal of making cybersecurity a core part of what we offer,” said Johan Paulsson, Chief Technology Officer at Axis. “By making this pledge, we affirm our continuous commitment to helping customers follow cybersecurity best practices.”
Implementing Security Across The Axis Portfolio
Reducing software vulnerabilities is an integral part of Axis’ development process.
Developers follow the Axis Security Development Model (ASDM), designed to mitigate risk at all stages of the product lifecycle.
Security is further strengthened through external resources, including bug bounty programs and simplified vulnerability reporting to the Axis Product Security Team.
Axis also operates as a CVE Numbering Authority (CNA). Its vulnerability management policy defines how, when, and what information is disclosed.
The Axis Trust Center provides access to security compliance and cybersecurity information for AXIS OS-based network products and other services.
AXIS OS-Based Network Products
Axis’ range of IP-based network devices—including cameras, intercoms, loudspeakers, and access control solutions—are powered by AXIS OS.
AXIS OS is built with no default passwords and supports multi-factor authentication when integrated with centralized identity and access management systems.
Devices are zero-trust enabled by default, allowing secure authentication via IEEE 802.1X and IEEE 802.1AR-compliant identities during onboarding.
AXIS OS also supports IEEE 802.1AE MACsec encryption and double-encrypts secure protocols such as HTTPS and TLS-based communications.
Additionally, AXIS OS devices include hardware-based secure key storage certified to FIPS 140-3 Level 3 and Common Criteria EAL6+.
AXIS Camera Station Protection
Axis video management software—AXIS Camera Station Pro and AXIS Camera Station Edge—supports secure encrypted communication across all devices and clients.
External communication is protected using 256-bit AES encryption via Axis Secure Remote Access v2. Client-server and device communication is secured with TLS 1.2 or higher.
The software offers granular access control and user authentication. AXIS Camera Station Pro supports local and Windows Active Directory authentication, while AXIS Camera Station Edge enables two-factor authentication.
Audit logs, alarms, and real-time notifications enhance system visibility and accountability.
Axis Communications is a global leader in network video surveillance and security solutions. The company develops intelligent technologies that improve safety, security, and business performance across a wide range of industries. Axis is known for its commitment to innovation, cybersecurity, and open architecture design. https://www.axis.com
https://security.world/article/boosting-zero-trust-security-in-physical-environments
https://www.axis.com
Frequently Asked Questions (FAQs)
What is the CISA Secure by Design pledge?
It is a voluntary commitment that requires manufacturers to prioritize security by design, improve transparency, reduce vulnerabilities, and help customers better protect their systems.
Why did Axis sign the pledge?
Axis signed to reaffirm its long-standing commitment to embedded cybersecurity, transparency, and industry accountability.
Does AXIS OS support zero-trust security?
Yes. AXIS OS enables zero-trust networking by default with secure device identity and authentication capabilities.
How does Axis protect data in AXIS Camera Station?
Data is encrypted using 256-bit AES and protected with TLS 1.2 or higher, alongside strict access controls and logging.
Where can users find cybersecurity documentation from Axis?
Information is available via the Axis Trust Center and the company’s vulnerability management policy.