Policy Bulletin
NUMBER: REF-4686
BACKGROUND: This document describes security standards for the installation of building
automation systems on the LAUSD network. Refer to Bulletin 4600 for a full
description of the Information Technology Division’s policy concerning building
automation systems.
STANDARDS: Because building automation systems (BAS) manage the critical systems of a building,
care must be taken in connecting them to a shared network. Ensuring the
availability and integrity of building services is of utmost importance. The
security standards described in this bulletin are based on best practices for securely
connecting devices to a network:
1. Account Management
   a. Default, guest or anonymous accounts must be disabled, especially
      those allowing remote access.
   b. Accounts that provide the vendor alternative access to the BAS
      (“backdoors”) must be documented and disabled.
   c. The BAS must support complex passwords to match LAUSD
      policy as described in Reference Guide 1551.
   d. Along with local accounts, the BAS should support use of external
      authentication services like RADIUS or LDAP.
2. Removal of Unnecessary Services and Programs
   a. The BAS must support the capability to disable or remove
      unnecessary or unneeded services and programs. For example, if a
      device supports both Telnet and SSH for remote administration, the
      Telnet service can be disabled by a technician.
3. User Interface/Encryption
   a. If the BAS provides a web browser based interface:
      i. Web server must support HTTPS/SSL.
      ii. Web server must protect against common exploits (XSS,
          SQL injection).
REF-4686
Office of the Chief Information Officer Page 1 of 3 May 5, 2009
LOS ANGELES UNIFIED SCHOOL DISTRICT
ITD Security will conduct a security vulnerability scan of the building automation
system to confirm it meets the standards described in this bulletin.
If a candidate BAS does not meet one or more of the standards enumerated above,
additional mitigating security controls may be required before the deployment of
the system on the LAUSD network. Please contact the ITD Security Office for
guidance in this situation.
ASSISTANCE: For further information please call Gashaw Teshome, Coordinator of ITD
Security, at (213) 241-0627.