Axis Backs CISA Secure by Design Effort With Formal Pledge

Axis Communications announced it has formally signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge, a voluntary commitment aimed at vendors that treat customer security as a core business requirement.

The move highlights Axis’ approach to building security into its cameras, intercoms, audio devices and access control products from the outset.

The CISA pledge asks participating manufacturers to follow seven key practices. These include support for multi-factor authentication, removing default passwords, reducing known vulnerability classes, simplifying patch installation, maintaining a vulnerability disclosure policy, reporting discovered vulnerabilities in a transparent manner, and enabling customers to gather evidence of cybersecurity intrusions.

Axis CTO Johan Paulsson stated these principles already align with the company’s product-security strategy.

“By making this pledge, we affirm our continuous commitment to helping customers follow cybersecurity best practices and drive greater accountability in the physical security industry,” he said.

Cybersecurity framework overview

Axis’ internal software development framework, the Axis Security Development Model, guides secure engineering practices throughout each product’s lifecycle. The company also operates a bug bounty program and allows public reporting of vulnerabilities, with disclosure handled through the Common Vulnerabilities and Exposures system.

Across Axis’ hardware portfolio, all devices run on AXIS OS, which is designed without default passwords and supports multi-factor authentication along with zero trust networking by default. Features include secure device identities based on IEEE 802.1AR, encrypted communications using IEEE 802.1AE MACsec and TLS-based protocols, and hardware-protected cryptographic keys certified to FIPS 140-3 Level 3 plus Common Criteria EAL6+.

Axis’ video management offerings — AXIS Camera Station Pro and AXIS Camera Station Edge — provide secure communications via 256-bit AES encryption and TLS 1.2 or higher. The software supports multiple user access levels, two-factor authentication for Edge, password protection and audit log generation for system activity.

For lifecycle management, Axis provides AXIS Device Manager, AXIS Device Manager Edge and AXIS Device Manager Extend to support centralized patch deployment, certificate updates, configuration management and administration of security services such as HTTPS, IEEE 802.1X and password controls.

Axis Cloud Connect, the company’s hybrid cloud platform, adds TLS-protected device-to-cloud connectivity, single sign-on with multi-factor authentication and automated audit-log monitoring to support evidence gathering for potential cybersecurity events.

With its signature on the CISA pledge, Axis said it will share ongoing updates on product cybersecurity so customers and the broader community can validate the security posture of its solutions.